Thanks, Jesse.
I like using Shiro as it's powerful yet simple.
In case somebody has the same challenge, here is what I ended up doing:
1. ShiroOAuth2Code is an extended OAuth2Code class, which stores the
logged in user
2. OAuth2ServiceImpl.generateAccessToken creates as access token an
--|
|12/16/2011 08:17 AM
|
>-|
|>
| Subject: |
|>
>--------------
>-Original Message-
>From: Ronny Roeller [mailto:rroel...@gmail.com]
>Sent: Thursday, December 15, 2011 6:04 PM
>To: dev@shindig.apache.org
>Subject: Authorization for REST API
>
>Hi,
>
>I want to add fine-granular authorization for calls to the REST API. For
>example: a) users can read all