James, SecurityManager or more specifically CacheSecurityManager does have get/set methods for the cacheManager.

On Tue, Dec 13, 2011 at 10:07 PM, James Whetstone <[email protected]> wrote:
> Hi Manoj,
>
> Thanks for your help on this. So I need some direction with regards to how
> to access and use the cache.
>
> I've configured my webapp with the following ini snippet:
>
> cassandraRealm = com.structuredcode.web.MyRealm
>
> securityManager.realms = $cassandraRealm
>
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
>
> securityManager.cacheManager = $cacheManager
>
> So in my servlet, I'm updating the permissions using my DAO, as you've
> described, but at that point, I don't know how to obtain my cache manager
> instance. I've looked through the API documentation for the
> SecurityManager and Subject classes thinking I could obtain the cache
> manager through one of these objects, but I don't see an API call for this.
>
> What am I missing?
>
> Thank you!
>
> James
>
> ----- Original Message ----- From: "Manoj Khangaonkar" <[email protected]>
> To: <[email protected]>
> Sent: Tuesday, December 13, 2011 9:36 PM
> Subject: Re: How to force reauthorization.
>
> Hi James,
>
> You don't need to do this using the REALM.
>
> The DAO that writes the permission to database is outside the scope of
> Shiro. After writing to database, this DAO can either update the cache
> or evict the item from the cache.
>
> Manoj
>
> On Tue, Dec 13, 2011 at 5:50 PM, James Whetstone <[email protected]> wrote:
>>
>> That makes sense. But I'm unclear on how to obtain an instance of my realm
>> implementation (which extends AuthorizingRealm) because I don't know how
>> the realm manages the cache.
>>
>> In other words, do I need to make my realm a singleton? Or is it ok to
>> just create a new one wherever I need to (and the cache automatically
>> uses the cache manager I specified in my ini file)?
>>
>> Also, once I get my instance of the AuthorizingRealm, I'm unclear on how
>> to update or clear the AuthorizationInfo for a particular subject because
>> the API calls that look like what I need are protected. E.g.
>> clearCachedAuthorizationInfo() is protected.
>>
>> I'm thinking I need to create a custom method on my realm that invalidates
>> the AuthorizationInfo for the given subject.
>>
>> Can anyone advise me on how to best implement this given Shiro's design?
>>
>> ---James
>>
>> ----- Original Message ----- From: "Manoj Khangaonkar" <[email protected]>
>> To: <[email protected]>
>> Sent: Tuesday, December 13, 2011 12:07 PM
>> Subject: Re: How to force reauthorization.
>>
>> Hi James,
>>
>> If your AuthorizationInfo is cached, you might need to update the cache
>> when new permissions are created for the principal.
>>
>> Manoj
>>
>> On Mon, Dec 12, 2011 at 9:31 PM, James Whetstone <[email protected]> wrote:
>>>
>>> Hi everyone,
>>>
>>> My web app allows users to create resources dynamically through a web
>>> service. When this occurs, the user that is adding the new resource gets
>>> permission to read the resource.
>>>
>>> For example, the user that adds the new resource will be given the
>>> following permission:
>>> "my_resource_type:read:a1cd6635-42a9-4528-bddf-4c994c58cf9a".
>>> The permissions are stored as strings in the database.
>>>
>>> So my problem is that if the user tries to read the resource immediately
>>> following the creation of the resource, the user is denied because the
>>> user has already been authorized through my custom realm and the new
>>> permission hasn't been processed out of the database as would normally
>>> occur when user authorization occurs.
>>>
>>> So I'm wondering if there is a way to force reauthorization, or otherwise
>>> handle this type of dynamic update to permissions, maybe by updating the
>>> Subject's authorization info dynamically.
>>>
>>> Thank you!
>>> James
>>>
>>
>> --
>> http://khangaonkar.blogspot.com/
>>
>
> --
> http://khangaonkar.blogspot.com/
>

--
http://khangaonkar.blogspot.com/
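
Added example, not part of the original thread and not code from Shiro or from any poster: one way to evict a subject's cached AuthorizationInfo after a permission change, by exposing the protected clearCachedAuthorizationInfo() and reaching the ini-configured realm through the security manager. The names InvalidatingRealm, invalidate, invalidatePrincipal and invalidateCurrentSubject are hypothetical; the second method assumes the realm builds its principals from a single principal object and getName().

```java
import java.util.Collection;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

/**
 * Hypothetical base class for a realm such as MyRealm. It stays abstract so the
 * DAO-backed doGetAuthenticationInfo/doGetAuthorizationInfo remain in the subclass.
 */
public abstract class InvalidatingRealm extends AuthorizingRealm {

    /** Public wrapper around the protected AuthorizingRealm method. */
    public void invalidate(PrincipalCollection principals) {
        clearCachedAuthorizationInfo(principals);
    }

    /**
     * Evicts another user's entry, e.g. when an administrator revokes a permission.
     * Assumption: the realm built its AuthenticationInfo from this same principal
     * and getName(), so the rebuilt collection equals the default cache key.
     */
    public void invalidatePrincipal(Object principal) {
        invalidate(new SimplePrincipalCollection(principal, getName()));
    }

    /** Call after the DAO commits a permission change for the current user. */
    public static int invalidateCurrentSubject() {
        PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
        SecurityManager sm = SecurityUtils.getSecurityManager();
        if (principals == null || !(sm instanceof RealmSecurityManager)) {
            return 0; // anonymous subject, or a manager that does not expose realms
        }
        // These are the instances the ini file wired to the cacheManager; a realm
        // created with "new" is not attached to that authorization cache.
        Collection<Realm> realms = ((RealmSecurityManager) sm).getRealms();
        int cleared = 0;
        if (realms != null) {
            for (Realm realm : realms) {
                if (realm instanceof InvalidatingRealm) {
                    ((InvalidatingRealm) realm).invalidate(principals);
                    cleared++;
                }
            }
        }
        return cleared; // number of realms whose cache entry was evicted
    }
}
```

The same eviction is needed when a permission is removed: until the cached AuthorizationInfo is cleared or expires, checks keep answering from the old permission set.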
