It's been a while but I think you are correct about how Shiro works. I
would use a role to solve this. You can make a role like "maintainer" and
assign that role to anyone that can maintain objects. Then you can protect
any pages after the url /maintain
On Wednesday, April 19, 2017, Robin
I've just about finished adding my first feature that uses object
permissions to a tapestry app (tapestry-security 0.5.1, tapestry 5.3.8).
Users are given permissions to the objects they are allowed to
maintain, when they go to the new page, only the objects they have
permission to maintain
this message in context:
http://tapestry.1045711.n5.nabble.com/tapestry-security-shiro-tp5060704p5060704.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/tapestry-security-shiro-tp5060704p5060704.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr
Hi Paul
The AuthorizingRealm constructor can take a CacheManager as a parameter.
In our case we use the EhCacheManager.
That's all you need!
Cheers.
Alejandro
On Fri, Nov 19, 2010 at 12:58 AM, Paul Stanton p...@mapshed.com.au wrote:
Kalle,
I'm think I'm making progress however I haven't
Alejandro,
Would you mind posting your Realm implementation?
I tried just providing a CacheManager to the constructor for
AuthorizingRealm but there must be something else missing as i still
have 2 problems:
1. The SimpleAccount is not being cached after the credentials have been
checked
Kalle,
I'm think I'm making progress however I haven't found a good guide to
confirm I'm on the right track.
I have a persistent User entity (db+hibernate). The user has multiple
roles. I only really want to use the RequiresRoles annotation on pages
(and some methods) at this point.
So