Hi James, You don'nt need to do this using the REALM.
The DAO that writes the permission to database is outside the scope of Shiro. After writing to database, this DAO can either update the cache or evict the item from the cache. Manoj On Tue, Dec 13, 2011 at 5:50 PM, James Whetstone <[email protected]> wrote: > That makes sense. But I'm unclear no how to obtain an instance of my realm > implementation (which extends AuthorizingRealm) because I don't know how the > realm manages the cache. > > In other words, do I need to make my realm a singleton? Or is it ok to just > create a new one wherever I need to (and the cache automatically uses the > cache manager I specified in my ini file)? > > Also, once I get my instance of the AuthorizingRealm, I'm unclear on how to > update or clear the AuthorizationInfo for a particular subject because the > API calls that look like what I need are protected. E.g. > clearCachedAuthorizationInfo() is protected. > > I'm thinking I need to create a custom method on my realm that invalidates > the AuthorizationInfo for the given subject. > > Can anyone advise me on how to best implement this given Shiro's design? > > ---James > > > > > > ----- Original Message ----- From: "Manoj Khangaonkar" > <[email protected]> > To: <[email protected]> > Sent: Tuesday, December 13, 2011 12:07 PM > Subject: Re: How to force reauthorization. > > > > Hi James, > > If your AuthorizationInfo is cached, you might need to update the cache when > new permissions are created for the principal. > > Manoj > > On Mon, Dec 12, 2011 at 9:31 PM, James Whetstone > <[email protected]> wrote: >> >> Hi everyone, >> >> My web app allows users to create resources dynamically through a web >> service. When this occurs, the user that is adding the new resource gets >> permission to read the resource. >> >> For example, the use that add the new resource will be given the following >> permission: "my_resource_type:read:a1cd6635-42a9-4528-bddf-4c994c58cf9a". >> The permissions are stored as strings in the database. >> >> So my problem is that if the user tries to read the resource immediately >> following the creation of the resource, the user is denied because the >> user >> has already been authorized through my custom realm and the new permission >> hasn't been processed out of the database as would normally occur when >> user >> authorization occurs. >> >> So I'm wondering if there is a way to force reauthorization, or otherwise >> handle this type of dynamic update to permissions, maybe by updating the >> Subject's authorization info dynamically. >> >> Thank you! >> James >> > > > > -- > http://khangaonkar.blogspot.com/ > -- http://khangaonkar.blogspot.com/
