Hi Gareth, Modeling, storage and retrieval of users , permissions and roles varies from domain to domain and is done outside of Shiro. Shiro Realms glue user/roles/permission metadata into the Shiro Infrastructure.
On Fri, Jul 29, 2011 at 12:01 PM, gcollins <[email protected]> wrote: > Hello, > > In looking at the Subject interface, I see that there are many methods > available for verifying that a user has a particular role/permission (or set > of roles/permissions) which is great. > > What I don't see is any way for the application to retrieve the complete > list of permissions/roles for a user. Is this by design? > The association between users and permission or users and roles is maintained by you outside of Shiro. Hence it would not make sense for Shiro to provide the API. The doGetAuthorizationInfo method in the AuthorizingRealm is close to what you want but you would be implementing it as part of your Realm implementation > I ask this question because I have a scenario where, on user login, a set of > resources would automatically be made available to the user. I was hoping to > model access to each resource as a permission. However, the total list of > resources for is potentially very large, but the resources any individual > user could access would be very small. Rather than check every single > resource against the user's permission list, it would be preferable to get > the user's permission list to get the list of resources to download. > > Does it make sense what I am trying to do...or am I trying to use > permissions in a way they weren't designed for? A simple way to model is : Permission is resource based say, resourcetype:actions:instance User x has permissions File:*:File1.doc File:r,w:File2.doc ...... and so on Check permission: Subject.hasPermission("File:r:File1.doc") ; > > thanks in advance, > Gareth > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Retrieving-The-List-Of-Permissions-Or-Roles-For-A-User-tp6634613p6634613.html > Sent from the Shiro User mailing list archive at Nabble.com. > -- http://khangaonkar.blogspot.com/
