In general, at a first glance, this seems fine.
> String permString = "*:" + permission.name() + ":*";
>
This is my only concern. The interesting question to ask here is, "what
permissions does your application pass in isPermitted() method calls?". If
you are making calls like 'securityManager.isPermitted("create")' then you
simply want to do:
String permString = permission.name();
On the other hand, if you are making calls like
'securityManager.isPermitted("webpage:create:47")' then you want what you
have. Shiro does not dictate the CLASS:PERM:INSTANCE structure - it is
merely one suggested approach.
