This is the root of all evil for instance base permission checks.. our problem was ... that user had 2000 IDs in the permission ... so writing permission with 2000 Ids in the target was not an option.
First thing we did was: First we did was use mongoDb for fast read, store of (instance - per user permissions) ... so realms would load data from there .. (caching) The second thing we did was to override isPermitted() method to check targets of permissions and introduced target resolvers ... example permission was "products:list:PRODUCT_TARGET_RESOLVER" ... PRODUCT_TARGET_RESOLVER - became constant to to load target resolver, which checked instance permissions ... it was a dirty job since Shiro does not support target resolvers ... so we extended Shiro to support it ... How you implement it is up to you ... Regards Armando -- View this message in context: http://shiro-user.582556.n2.nabble.com/Authentication-with-huge-number-of-entites-tp7581305p7581306.html Sent from the Shiro User mailing list archive at Nabble.com.
