Thanks Les, overriding Authorizer's methods worked like a charm. One more minor issue to solve (I'll make a new post) and Shiro becomes a first-class citizen of my project :)
-n-

On 03 Nov 2010, at 9:31 PM, Les Hazlewood wrote:

> Hi Nassos,
>
> If you're subclassing the AuthorizingRealm class, as it sounds like
> you are, Shiro will perform the permission checks for you already -
> just ensure your doGetAuthorizationInfo method returns an
> AuthorizationInfo instance (SimpleAuthorizationInfo is fine in most
> cases).
>
> The doGetAuthorizationInfo method implementation is supposed to look
> up the Subject's roles and permissions pertinent to that particular
> Realm. For example:
>
> Collection thisRealmsPrincipals = principalCollection.fromRealm(getName());
>
> Most of the time this collection will only have a single element - for
> example, a username, a Long user ID, etc. If so, you can simply call
> the 'getAvailablePrincipal(PrincipalCollection)' method in your
> subclass - read its JavaDoc to see what it does.
>
> Based on that element, you can query your datasource for any and all
> roles and/or permissions assigned to them. Then you bundle this up
> in, say, a SimpleAuthorizationInfo instance and return it. The
> AuthorizingRealm superclass knows how to take that instance and use it
> to actually perform the permission checks.
>
> Now, this exists as a convenience - most people don't want to inspect
> the permission or role arguments and want to have AuthorizingRealm
> take care of all the 'dirty work' automatically. You should probably
> use this approach (and use caching!) if you can as it will greatly
> simplify your work.
>
> However, if you have specific requirements or you want full control
> over how the check occurs, you can override any of the
> org.apache.shiro.authz.Authorizer methods (all Realms extend this
> interface) and look at the method argument to do whatever you want.
>
> Look at the AuthorizingRealm's source code [1] and you'll see exactly
> how this works - you can override whatever you want to do it your own
> way if you wish (look at the isPermitted(PrincipalCollection, String
> permission) method implementation as a starter).
>
> Best regards,
>
> --
> Les Hazlewood
> Founder, Katasoft, Inc.
> Application Security Products & Professional Apache Shiro Support and
> Training:
> http://www.katasoft.com
>
> [1]
> http://svn.apache.org/repos/asf/shiro/trunk/core/src/main/java/org/apache/shiro/realm/AuthorizingRealm.java
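
Added example, not part of the original thread and not Shiro's own code: a minimal AuthorizingRealm subclass that follows both approaches discussed above, returning a SimpleAuthorizationInfo from doGetAuthorizationInfo and overriding one Authorizer method before deferring to the superclass. The class name ExampleRealm, the in-memory maps, the String username principal and the "audit:" policy are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm. The maps below are constructed sample data standing in
// for a real datasource lookup.
public class ExampleRealm extends AuthorizingRealm {
    private static final Map<String, Set<String>> ROLES =
            Map.of("nassos", Set.of("editor"));
    private static final Map<String, Set<String>> PERMISSIONS =
            Map.of("nassos", Set.of("document:read", "document:edit"));

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        // Assumption: authentication is handled by another realm, so this
        // realm reports no account for any token.
        return null;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Assumption: the principal is a String username.
        String username = (String) getAvailablePrincipal(principals);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Unknown users get empty sets, so every check fails closed.
        info.addRoles(ROLES.getOrDefault(username, Set.of()));
        info.addStringPermissions(PERMISSIONS.getOrDefault(username, Set.of()));
        return info;
    }

    // Optional full-control path: inspect the argument, then fall back to the
    // superclass check, which uses the AuthorizationInfo returned above.
    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        if (permission.startsWith("audit:")) {
            return false; // hypothetical policy: this realm never grants audit permissions
        }
        return super.isPermitted(principals, permission);
    }
}
```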
