Hi ronen, This doesn't address your question re: how do it in pure Clojure, but as a data point we recently implemented a wrapper for Shiro in Clojure for use in setting policies on a ring-based web app.
We are using our own solution for checking the access policies on routes themselves, which is wholly unrelated to Shiro. For that matter, we don't use anything Shiro provides (other than what it forces us to setup, see below) relating to authentication, session or web routing, just its authorization capabilities, and we extend their JdbcRealm (http://shiro.apache.org/static/1.2.2/apidocs/index.html?org/apache/shiro/realm/jdbc/JdbcRealm.html) to plug it into our system. I'll try to lay out the pluses and minuses simply. Pluses: - once we figured out the architecture and where to "jack-in," it was pretty easy to wrap stuff up inside of Clojure. - the permission check stuff in our system was basically simply wrapping a specific method on the Subject class: http://shiro.apache.org/static/1.2.2/apidocs/org/apache/shiro/subject/Subject.html#checkPermission(java.lang.String) (more here: http://shiro.apache.org/permissions.html) - it has a really comprehensive role and permission management set of interfaces, and if you want to set up caching for your roles and whatnot, it's easy to extend--from a Java perspective. - as much as you go the "Shiro way," you will find it easy to implement and extend. Minuses: - as much as you go the "Shiro way," you will find it easy to implement and extend. I think that, if you already had your own authentication framework set up, it *may* be worth looking elsewhere for a RBAC/DAC/etc. solution. If you want something comprehensive, Shiro is definitely worth checking out. For us I think the jury is still out on whether or not it was worth the trouble or not. DD (2013/09/29 22:16), ronen wrote: > Hey, > > I was thinking about how to approach role and permission management in > Clojure, https://shiro.apache.org/ is one example of same a framekwork > > It sounds like a problem that core.logic could solve but I'm not sure > how to approach it > > Thought and ideas are welcome > > Thanks > > > -- > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to clojure@googlegroups.com > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > clojure+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to clojure+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
