String permission has flexibility. You can write any permission you want
but object permission generally you should implement Permission classes for
every domain class to provide explicitly.
public class Printer {
private Integer id;
public Printer() {
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
@Override
public boolean equals(Object obj) {
return (obj instanceof Printer) && (id != null)
? id.equals(((Printer) obj).getId())
: (obj == this);
}
@Override
public int hashCode() {
return (id != null)
? (this.getClass().hashCode() + id.hashCode())
: super.hashCode();
}
}
import org.apache.shiro.authz.Permission;
/**
*
* @author molgun
*/
public class PrinterPermission implements Permission{
private final Printer printer;
private final String actionPermission;
public PrinterPermission(Printer printer, String actionPermission) {
this.printer = printer;
this.actionPermission = actionPermission;
}
@Override
public boolean implies(Permission prmsn) {
if (prmsn instanceof PrinterPermission){
return false;
}
PrinterPermission pp = PrinterPermission.class.cast(prmsn);
return pp.getPrinter().equals(printer) &&
actionPermission.equals(pp.getActionPermission());
}
protected Printer getPrinter(){
return this.printer;
}
protected String getActionPermission(){
return this.actionPermission;
}
}
2014/1/22 Serkan Taş <[email protected]>
> Hi,
>
> According to documentation there are two options for permission based
> authorization.
>
> 1. Object-based Permission Checks
> 2. String-based permission checks
>
> I am not clear about which one is better under which conditions. Is there
> any detail description ?
>
> note : I checked the document at
> http://shiro.apache.org/authorization.html#Authorization-ObjectbasedPermissionChecks
> .
> And i also tried to implement object based one but failed, because always
> directs the instance to Wildcard. If any examples exist please let me know.
>
> serkan
