You can verify whether a user / role has access to the record by including
these lines at the very beginning of the method which retrieves it from your
database:
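// needs java.util.HashSet, java.util.Set, org.apache.shiro.SecurityUtils,
// org.apache.shiro.authz.Permission, org.apache.shiro.authz.permission.WildcardPermission
Set<Permission> permissions = new HashSet<>();
permissions.add(new WildcardPermission("record:read:user"));
permissions.add(new WildcardPermission("record:write:user"));
// checkPermissions (plural) accepts a Collection<Permission>; every entry must be granted
SecurityUtils.getSubject().checkPermissions(permissions);
// retrieve stuff from database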

The checkPermission method will continue on normally when the subject has
the needed permissions and throw an UnauthorizedException if not.

You can also use annotations like @RequiresPermissions({"record:read:user",
"record:write:user"}) but then you cannot define the needed permissions
dynamically because annotations require constant values - this is *not* a
limitation of Shiro but of annotations.

Have a look at the API to get an idea of what Shiro supports
https://shiro.apache.org/static/1.2.3/apidocs/ .



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Dynamic-Authorization-tp7580696p7580697.html
Sent from the Shiro User mailing list archive at Nabble.com.
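
The dynamic check described in the message above, as an added example that is not part of the original post: the permission strings are built at runtime from a record id, which a @RequiresPermissions annotation cannot do. The class name, the helper methods required and mayAccess, the record id pattern, and the sample user and role are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

public class DynamicRecordAuthz {
    // Build "record:<action>:<recordId>" at runtime (hypothetical helper).
    static List<Permission> required(String recordId, String... actions) {
        // Assumed id format: reject WildcardPermission syntax (':' ',' '*') in the id.
        if (!recordId.matches("[A-Za-z0-9_-]+")) {
            throw new IllegalArgumentException("invalid record id");
        }
        List<Permission> perms = new ArrayList<>();
        for (String action : actions) {
            perms.add(new WildcardPermission("record:" + action + ":" + recordId));
        }
        return perms;
    }

    // Returns false instead of propagating the exception (hypothetical helper).
    static boolean mayAccess(Subject subject, String recordId, String... actions) {
        try {
            subject.checkPermissions(required(recordId, actions)); // all must be implied
            return true;
        } catch (UnauthorizedException e) {
            return false; // deny before any database access happens
        }
    }

    public static void main(String[] args) {
        Ini ini = new Ini(); // constructed sample account and role
        ini.setSectionProperty("users", "alice", "secret, editor42");
        ini.setSectionProperty("roles", "editor42", "record:read:*, record:write:42");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new IniRealm(ini)));
        Subject alice = SecurityUtils.getSubject();
        alice.login(new UsernamePasswordToken("alice", "secret"));

        System.out.println(mayAccess(alice, "42", "read", "write")); // read and write on record 42
        System.out.println(mayAccess(alice, "7", "read"));           // read on another record
        System.out.println(mayAccess(alice, "7", "read", "write"));  // write on another record
    }
}
```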
