I am using Shiro with Hibernate. I manage my users as Hibernate entities.
Then I created a custom Realm to do the authentication and a custom Subject
that provides easy access to the user object. One thing to watch out for
with Hibernate is the session stuff. It is likely that however you
implement it, you will make mistakes about whether your User object is
attached to the current session or not, so you may not want to cache it and
instead look it up every time so you always get one associated with the
current Hibernate session.

The other thing I did was create a wildcard permission scheme to support
what you are describing. The scheme isn't really code, just convention, but
it goes like

    {entitytype}:create,read,update,delete,report:own,ownTenancy,any

So you might have a user who has permissions contact:*:own and
contact:read:ownTenancy. This would mean that they had permission to do
anything to their own contacts and read any contact in their own tenancy.
What it means to be your "own" contact is of course up to the domain. I
created helper classes that use the Hibernate Criteria API to automatically
add filters for these kinds of concepts, but I think a Hibernate Filter
would have been a better approach.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Using-Shiro-Authorization-integrate-with-Hibernate-tp7501802p7517222.html
Sent from the Shiro User mailing list archive at Nabble.com.
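
The permission convention in the message above, worked through as an added example that is not part of the original post or of Shiro itself: it uses Shiro's WildcardPermission to find the broadest scope a user holds for an action, which the data layer can then turn into a query filter. The ScopeResolver class, its Scope enum and the broadestScope method are hypothetical names, and the granted permissions in main are constructed sample data.

```java
import java.util.List;
import java.util.Optional;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

public class ScopeResolver {

    // Scopes from the convention, ordered broadest first. Shiro has no notion
    // that "any" covers "ownTenancy" covers "own", so the order lives here.
    enum Scope {
        ANY("any"), OWN_TENANCY("ownTenancy"), OWN("own");
        final String token;
        Scope(String token) { this.token = token; }
    }

    // Returns the broadest scope granted for entityType:action, or empty if the
    // user may not perform the action at all (deny by default).
    static Optional<Scope> broadestScope(List<Permission> granted,
                                         String entityType, String action) {
        // Reject separators and wildcards so a caller-supplied name cannot
        // change the shape of the permission being checked.
        if (!entityType.matches("\\w+") || !action.matches("\\w+")) {
            throw new IllegalArgumentException("invalid entity type or action");
        }
        for (Scope scope : Scope.values()) {
            Permission required =
                new WildcardPermission(entityType + ":" + action + ":" + scope.token);
            for (Permission p : granted) {
                if (p.implies(required)) {
                    return Optional.of(scope);
                }
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample: the two permissions from the message above.
        List<Permission> granted = List.of(
            new WildcardPermission("contact:*:own"),
            new WildcardPermission("contact:read:ownTenancy"));

        System.out.println("read:   " + broadestScope(granted, "contact", "read"));
        System.out.println("delete: " + broadestScope(granted, "contact", "delete"));
        System.out.println("invoice read: " + broadestScope(granted, "invoice", "read"));
    }
}
```

A grant that omits the third part, such as contact:read, implies every scope under WildcardPermission matching, so it resolves to ANY here; always write the scope part explicitly when assigning permissions under this convention.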