Hi Manoj, Yep, Shiro does not dictate a security policy or domain model (on purpose, as all apps are different). You can make these associations however you like (permission to user, permission to role, perm to group, etc). Ultimately your Realm implementation determines how those associations are resolved.
If your realm implementation subclasses AuthorizingRealm, you can return an AuthorizationInfo instance from your doGetAuthorizationInfo implementation and populate that instance however you want based on your data model. HTH, Les On Thu, May 12, 2011 at 6:23 PM, Manoj Khangaonkar <[email protected]> wrote: > Hi, > > Does Shiro support assigning permissions directly to users ? ( not as roles ). > > such as > user1 has permission document:read,write:doc1 > user2 has permission document:read,write:doc2 > > Most examples assign roles to users and permission to roles. > > In looking at the implementation of Subject.isPermitted(String perm) > and JdbcRealm.java, I am thinking this is possible. I can store the > user - permission mapping in table and > I would need to override the implementation of > doGetAuthorizationInfo(Principal collection > > Am I right about this ? > > thanks > > Mj > > -- > http://khangaonkar.blogspot.com/
