We need a *externalized *access control system since authorization we currently implemented is hard-coded everywhere and was so hard to maintain. So I googled and found a interesting article on Shiro official site:
http://shiro.apache.org/2011/05/24/the-new-rbac-resource-based-access-control.html About models of Access Control, there are many: https://en.wikipedia.org/wiki/Access_control#Access_control_models But *Resource-Based Access Control* is not on the list, and I cant find any page on web about this model except above link. So my question is, is this *Resource-Based Access Control *similar or* identical to* ABAC(Attribute-based access control)? Can I *adopt* Shiro as our Access Control solution based on *attributes of* Subject/user, *resource*(aware of this, that's why role-based access control is inappropriate) and environment/context?
