Manoj, Returning AuthorizationInfo object would be fine too because it has methods to get roles and permissions. I imagine it would not take long to add this method. Any ideas when the Shiro's author plans to add this? Thanks.
On Mon, Oct 31, 2011 at 10:52 AM, Manoj Khangaonkar <[email protected]>wrote: > Hi Pham, > > You will need to write DAO classes/interfaces that go directly to your > repository or cache and return the data to your UI. > > It would be useful for the Shiro framework to add say a > > getPermissions method to may be the Subject interface. > > Something like > > List<Permission> lp = subject.getPermissions() > > But it is currently not there. > > In my experience , it is necessary to partition permissions based on > context. So something like > > List<Permission> lp = subject.getPermissions(context) > > would be even better. > > Manoj > > On Mon, Oct 31, 2011 at 6:16 AM, Pham Tran Quoc Viet > <[email protected]> wrote: > > Manoj, > > I figured that out after I sent the email. Thank you so much for still > > answering my stupid question. > > I hope this question is not as stupid: > > My application is GXT-based, a framework built on top of GWT. After > > authentication, I need to gather a list of roles and permissions, which > come > > out of the database, and return to client codes so that it can determine > > what menu to display. One of the google search result shows that there > is no > > way for me to do that because Subject class does not have any method to > deal > > with it. Wonder what is the cleanest way to do this? I was thinking of > > instantiating an object of my custom realm and call > doGetAuthorizationInfo > > method. Use session instead? Your thoughts are greatly appreciated. > > Thanks. > > > > On Sun, Oct 30, 2011 at 7:40 PM, Manoj Khangaonkar < > [email protected]> > > wrote: > >> > >> subject.isAuthenticated() > >> > >> -- Manoj > >> > >> On Sat, Oct 29, 2011 at 10:31 AM, Pham Tran Quoc Viet > >> <[email protected]> wrote: > >> > Thanks. I got it working. > >> > Upon posting back, how do I check the fact that the user has been > logged > >> > in? > >> > Thanks. > >> > > >> > On Fri, Oct 28, 2011 at 11:35 AM, Manoj Khangaonkar > >> > <[email protected]> > >> > wrote: > >> >> > >> >> See the Shiro documentation on how to turn on caching. > >> >> > >> >> When Caching in turned on , the Realm methods will not get called > >> >> everytime. > >> >> > >> >> Manoj > >> >> > >> >> On Fri, Oct 28, 2011 at 6:11 AM, Pham Tran Quoc Viet > >> >> <[email protected]> wrote: > >> >> > Hi All, > >> >> > I have two questions: > >> >> > 1) How do I initialize both authentication and authorization at the > >> >> > time > >> >> > of > >> >> > log-in. I want to do this to avoid querying db twice (one for > >> >> > authentication > >> >> > and one for authorization)? Any sample code would be the easiest to > >> >> > get > >> >> > me > >> >> > started. > >> >> > 2) Each time I call currrentUser.login() (just for testing purpose > as > >> >> > multiple login does not happen in real > life), doGetAuthenticationInfo > >> >> > is > >> >> > called. As a result, db is queried. Each time I call > >> >> > currrentUser.hasRole(), doGetAuthorizationInfo is then called. As a > >> >> > result, > >> >> > db is queried again. How do I avoid this repeated db queries? > >> >> > Thanks. > >> >> > >> >> > >> >> > >> >> -- > >> >> http://khangaonkar.blogspot.com/ > >> > > >> > > >> > >> > >> > >> -- > >> http://khangaonkar.blogspot.com/ > > > > > > > > -- > http://khangaonkar.blogspot.com/ >
