Hi, You can start by opening a JIRA.
At some point, the committers with comment on whether it is a valid enhancement request or there is a better way to do this. Manoj On Mon, Oct 31, 2011 at 6:46 PM, Pham Tran Quoc Viet <[email protected]> wrote: > Manoj, > Returning AuthorizationInfo object would be fine too because it has methods > to get roles and permissions. I imagine it would not take long to add this > method. Any ideas when the Shiro's author plans to add this? Thanks. > > On Mon, Oct 31, 2011 at 10:52 AM, Manoj Khangaonkar <[email protected]> > wrote: >> >> Hi Pham, >> >> You will need to write DAO classes/interfaces that go directly to your >> repository or cache and return the data to your UI. >> >> It would be useful for the Shiro framework to add say a >> >> getPermissions method to may be the Subject interface. >> >> Something like >> >> List<Permission> lp = subject.getPermissions() >> >> But it is currently not there. >> >> In my experience , it is necessary to partition permissions based on >> context. So something like >> >> List<Permission> lp = subject.getPermissions(context) >> >> would be even better. >> >> Manoj >> >> On Mon, Oct 31, 2011 at 6:16 AM, Pham Tran Quoc Viet >> <[email protected]> wrote: >> > Manoj, >> > I figured that out after I sent the email. Thank you so much for still >> > answering my stupid question. >> > I hope this question is not as stupid: >> > My application is GXT-based, a framework built on top of GWT. After >> > authentication, I need to gather a list of roles and permissions, which >> > come >> > out of the database, and return to client codes so that it can determine >> > what menu to display. One of the google search result shows that there >> > is no >> > way for me to do that because Subject class does not have any method to >> > deal >> > with it. Wonder what is the cleanest way to do this? I was thinking of >> > instantiating an object of my custom realm and call >> > doGetAuthorizationInfo >> > method. Use session instead? Your thoughts are greatly appreciated. >> > Thanks. >> > >> > On Sun, Oct 30, 2011 at 7:40 PM, Manoj Khangaonkar >> > <[email protected]> >> > wrote: >> >> >> >> subject.isAuthenticated() >> >> >> >> -- Manoj >> >> >> >> On Sat, Oct 29, 2011 at 10:31 AM, Pham Tran Quoc Viet >> >> <[email protected]> wrote: >> >> > Thanks. I got it working. >> >> > Upon posting back, how do I check the fact that the user has been >> >> > logged >> >> > in? >> >> > Thanks. >> >> > >> >> > On Fri, Oct 28, 2011 at 11:35 AM, Manoj Khangaonkar >> >> > <[email protected]> >> >> > wrote: >> >> >> >> >> >> See the Shiro documentation on how to turn on caching. >> >> >> >> >> >> When Caching in turned on , the Realm methods will not get called >> >> >> everytime. >> >> >> >> >> >> Manoj >> >> >> >> >> >> On Fri, Oct 28, 2011 at 6:11 AM, Pham Tran Quoc Viet >> >> >> <[email protected]> wrote: >> >> >> > Hi All, >> >> >> > I have two questions: >> >> >> > 1) How do I initialize both authentication and authorization at >> >> >> > the >> >> >> > time >> >> >> > of >> >> >> > log-in. I want to do this to avoid querying db twice (one for >> >> >> > authentication >> >> >> > and one for authorization)? Any sample code would be the easiest >> >> >> > to >> >> >> > get >> >> >> > me >> >> >> > started. >> >> >> > 2) Each time I call currrentUser.login() (just for testing purpose >> >> >> > as >> >> >> > multiple login does not happen in real >> >> >> > life), doGetAuthenticationInfo >> >> >> > is >> >> >> > called. As a result, db is queried. Each time I call >> >> >> > currrentUser.hasRole(), doGetAuthorizationInfo is then called. As >> >> >> > a >> >> >> > result, >> >> >> > db is queried again. How do I avoid this repeated db queries? >> >> >> > Thanks. >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> http://khangaonkar.blogspot.com/ >> >> > >> >> > >> >> >> >> >> >> >> >> -- >> >> http://khangaonkar.blogspot.com/ >> > >> > >> >> >> >> -- >> http://khangaonkar.blogspot.com/ > > -- http://khangaonkar.blogspot.com/
