Hi James,

That should work. But it clearly is less than elegant.

To do better architecturally, I would look at the cache as a structure that can have many clients, of which Shiro is one client and the DAO is another. Just like a database where multiple clients can insert/update/delete rows.

Manoj

On Wed, Dec 14, 2011 at 8:24 AM, James Whetstone <[email protected]> wrote:
> Hi Manoj,
>
> I should have seen this :-) . So I'm assuming that when I obtain my
> security manager instance I should do it by casting the result like this:
>
> CacheSecurityManager mgr = (CacheSecurityManager) SecurityUtils.getSecurityManager();
>
> Since I've configured the system to use a cache manager, this should work,
> right?
>
> Thanks!
>
> James
>
> ----- Original Message ----- From: "Manoj Khangaonkar"
> <[email protected]>
> To: <[email protected]>
> Sent: Wednesday, December 14, 2011 7:12 AM
>
> Subject: Re: How to force reauthorization.
>
>
> James,
>
> SecurityManager or more specifically CacheSecurityManager does have
> get/set methods for the cacheManager.
>
> On Tue, Dec 13, 2011 at 10:07 PM, James Whetstone
> <[email protected]> wrote:
>>
>> Hi Manoj,
>>
>> Thanks for your help on this. So I need some direction with regards to how
>> to access and use the cache.
>>
>> I've configured my webapp with the following ini snippet:
>>
>> cassandraRealm = com.structuredcode.web.MyRealm
>>
>> securityManager.realms = $cassandraRealm
>>
>> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
>>
>> securityManager.cacheManager = $cacheManager
>>
>> So in my servlet, I'm updating the permissions using my DAO, as you've
>> described, but at that point, I don't know how to obtain my cache manager
>> instance. I've looked through the API documentation for the
>> SecurityManager and Subject classes thinking I could obtain the cache
>> manager through one of these objects, but I don't see an API call for this.
>>
>> What am I missing?
>>
>> Thank you!
>>
>> James
>>
>> ----- Original Message ----- From: "Manoj Khangaonkar"
>> <[email protected]>
>> To: <[email protected]>
>> Sent: Tuesday, December 13, 2011 9:36 PM
>>
>> Subject: Re: How to force reauthorization.
>>
>>
>> Hi James,
>>
>> You don't need to do this using the REALM.
>>
>> The DAO that writes the permission to database is outside the scope of
>> Shiro. After writing to database,
>> this DAO can either update the cache or evict the item from the cache.
>>
>> Manoj
>>
>> On Tue, Dec 13, 2011 at 5:50 PM, James Whetstone
>> <[email protected]> wrote:
>>>
>>> That makes sense. But I'm unclear on how to obtain an instance of my realm
>>> implementation (which extends AuthorizingRealm) because I don't know how
>>> the realm manages the cache.
>>>
>>> In other words, do I need to make my realm a singleton? Or is it ok to just
>>> create a new one wherever I need to (and the cache automatically uses the
>>> cache manager I specified in my ini file)?
>>>
>>> Also, once I get my instance of the AuthorizingRealm, I'm unclear on how to
>>> update or clear the AuthorizationInfo for a particular subject because the
>>> API calls that look like what I need are protected. E.g.
>>> clearCachedAuthorizationInfo() is protected.
>>>
>>> I'm thinking I need to create a custom method on my realm that invalidates
>>> the AuthorizationInfo for the given subject.
>>>
>>> Can anyone advise me on how to best implement this given Shiro's design?
>>>
>>> ---James
>>>
>>>
>>> ----- Original Message ----- From: "Manoj Khangaonkar"
>>> <[email protected]>
>>> To: <[email protected]>
>>> Sent: Tuesday, December 13, 2011 12:07 PM
>>> Subject: Re: How to force reauthorization.
>>>
>>>
>>> Hi James,
>>>
>>> If your AuthorizationInfo is cached, you might need to update the cache
>>> when new permissions are created for the principal.
>>>
>>> Manoj
>>>
>>> On Mon, Dec 12, 2011 at 9:31 PM, James Whetstone
>>> <[email protected]> wrote:
>>>>
>>>> Hi everyone,
>>>>
>>>> My web app allows users to create resources dynamically through a web
>>>> service. When this occurs, the user that is adding the new resource gets
>>>> permission to read the resource.
>>>>
>>>> For example, the user that adds the new resource will be given the
>>>> following permission:
>>>> "my_resource_type:read:a1cd6635-42a9-4528-bddf-4c994c58cf9a".
>>>> The permissions are stored as strings in the database.
>>>>
>>>> So my problem is that if the user tries to read the resource immediately
>>>> following the creation of the resource, the user is denied because the
>>>> user has already been authorized through my custom realm and the new
>>>> permission hasn't been processed out of the database as would normally
>>>> occur when user authorization occurs.
>>>>
>>>> So I'm wondering if there is a way to force reauthorization, or otherwise
>>>> handle this type of dynamic update to permissions, maybe by updating the
>>>> Subject's authorization info dynamically.
>>>>
>>>> Thank you!
>>>> James
>>>>
>>>
>>> --
>>> http://khangaonkar.blogspot.com/
>>>
>>
>> --
>> http://khangaonkar.blogspot.com/
>>
>
> --
> http://khangaonkar.blogspot.com/
>
--
http://khangaonkar.blogspot.com/
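
Added example, not part of the original thread and not Shiro's own code: one way to do the eviction discussed above is to expose the protected clearCachedAuthorizationInfo() through a public method on the realm and call it after the DAO write. EvictingRealm, evictPrincipal and writeThenEvict are hypothetical names, and the Shiro 1.x API is assumed.

```java
import java.util.Collection;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

/** Hypothetical base class; the thread's MyRealm would extend it. */
public abstract class EvictingRealm extends AuthorizingRealm {

    /** Public wrapper around the protected clearCachedAuthorizationInfo(). */
    public void evictAuthorization(PrincipalCollection principals) {
        if (principals != null) {
            clearCachedAuthorizationInfo(principals);
        }
    }

    /**
     * Evict another user's entry, e.g. after an admin revokes a permission.
     * Assumes login stored exactly this principal under this realm's name.
     */
    public void evictPrincipal(Object principal) {
        evictAuthorization(new SimplePrincipalCollection(principal, getName()));
    }

    /** Evict the calling user's entry; returns how many realms were asked. */
    public static int evictCurrentSubject() {
        PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
        org.apache.shiro.mgt.SecurityManager sm = SecurityUtils.getSecurityManager();
        if (principals == null || !(sm instanceof RealmSecurityManager)) {
            return 0; // anonymous subject, or a manager that holds no realms
        }
        Collection<Realm> realms = ((RealmSecurityManager) sm).getRealms();
        int evicted = 0;
        for (Realm realm : (realms == null ? java.util.List.<Realm>of() : realms)) {
            if (realm instanceof EvictingRealm) {
                ((EvictingRealm) realm).evictAuthorization(principals);
                evicted++;
            }
        }
        return evicted;
    }

    /** Commit the permission change first, then evict, so the reload sees the new row. */
    public static void writeThenEvict(Runnable daoWrite) {
        daoWrite.run();
        evictCurrentSubject();
    }
}
```

The same eviction path matters more for revocation than for grants: until the entry is evicted or expires, a cached AuthorizationInfo keeps honouring a permission that has already been removed from the database.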
