A Subject is a transient object - created at the beginning of a request or thread's execution based on authentication state or account identity, so you wouldn't attach a Subject to a data record for example.
That said, you can achieve what you want w/ Shiro - you typically store permissions on an account record in a data store, and that account state is loaded by a Shiro Realm during an authentication attempt or authorization check. Realms can cache this state so that subsequent authorization checks don't have to access the source datastore continuously. A Subject instance maintains a pointer to that account state (i.e. an account id) after login so it can be accessed via the Subject at any point later. HTH! -- Les On Thu, Sep 10, 2015 at 11:20 AM, Mark <[email protected]> wrote: > I have a custom object store and would like to attach a Subject object to > each entry in the store and include permissions to that object. Is this > possible with Shiro? > >
