Hi, According to documentation there are two options for permission based authorization.
1. Object-based Permission Checks 2. String-based permission checks I am not clear about which one is better under which conditions. Is there any detail description ? note : I checked the document at http://shiro.apache.org/authorization.html#Authorization-ObjectbasedPermissionChecks. And i also tried to implement object based one but failed, because always directs the instance to Wildcard. If any examples exist please let me know. serkan
