On Sun, Mar 1, 2015 at 2:31 PM, Brian Demers <[email protected]> wrote:
> If you haven't already take a look at wild card permissions: > http://shiro.apache.org/permissions.html > Yes, I did read about wild card permissions and they do support what I had in mind. > > For #3 and #4 > In my mind roles and groups are used almost interchangeably. But if i had > to split them up, I would say that a role is a collection of permissions, > and a group is a collection of users. In this case a Role could be > assigned to an individual user or a Group. A simple example might be an > 'Administrator-role' would likely contain all permissions. An > 'Administrator-group' would contain all your admin users. You would assign > the 'Administrator-role' to the 'Administrator-group' (this would be done > in a realm. > Thanks. This clarifies the concepts a bit. But can you tell me if there is a concept of grouping resource instances together, say into a resource group? Of course, if the application is responsible for modelling the entities, I guess it can implement the resource group concept itself but I just wanted to know if Shiro provides or recognizes any such support. > > As for your question about realms. Yes, in respects to only supporting > 'read' operations, this is mainly because most applications have there own > requirements, for example lots of applications store users in some other > type of store (i.e. LDAP / AD) > > Does that answer your questions? > Mostly yes. Thanks a lot. Raghu
