I need to be able to remove or add permissions for my users. For example, a user is able to create a playlist. When the playlist is created, he is allowed to delete it, but he isn't allowed to delete playlist that others have made (obviously).
I have an AuthorizingRealm that builds the AuthorizationInfo (ex: from each user's playlists) for each Subject but this gets cached, which prevents my application from seeing reloaded/refreshed permissions. I've read some other posts and seen that you can call AuthorizingRealm#clearCachedAuthorizationInfo(PrincipalCollection principals). I'm using Spring MVC and I don't really want to inject my Realm implementation into a controller or service class just because it doesn't really belong in that stack. Is there another solution to refreshing permissions (other than disabling caching)? -- View this message in context: http://shiro-user.582556.n2.nabble.com/Updating-permissions-dynamically-at-runtime-tp7578886.html Sent from the Shiro User mailing list archive at Nabble.com.
