Hi,

First off, thanks to all contributors to this project for creating it. I've just started using it and appreciate the work that has gone in.

I have a question regarding a custom realm implementation which will be hitting a CouchDB instance to authenticate users. I already wrote an authentication service and I am now trying to integrate this with Shiro, so I am implementing a Realm and taking the JDBC realm as a guide. However, I am interested to know how often the database is hit to determine if a user (subject) has permission.

What I want to do is, at login time, load a user, their roles and permissions, and have that state remembered rather than hitting the database for each web request to see if they have a relevant role (this has the drawback of requiring a logout for new permissions to be assigned / removed, but I can tackle that issue later).

Any recommendations as to how I may go about this? Can I store this stuff in the Subject? I am assuming that when using the JDBC approach, most interactions would not want to be hitting the database to find out if they are authorized?

Regards,
Marcus.
