Hi. I have few simple (I think) questions: I have a realm which extends AuthorizingRealm 1. should I add roles and permissions to doGetAuthorizationInfo ? Is this is the place where this is done? 2. Where is made a check if user has permissions to given URL? For example user has authenticated, and he request admin panel page. Where should I check if user has access? If I have a mapping for that page in spring, I should get Subject object and then I should check if this subject has rights to that resource? 3. I would like to add user to few groups (roles). Each role has some permissions. Is there a place where permissions for given role are checked?
-- View this message in context: http://shiro-user.582556.n2.nabble.com/Few-fast-questions-about-authorization-tp7580341.html Sent from the Shiro User mailing list archive at Nabble.com.
