Hey man .. I've checked our code and I it's total foobar of it ... it works but we only used it once ... so from what I saw (what we implemented afterwards) we are creating instance permissions on the fly when creating record instances ...
let me elaborate: user creates a record (product, document, ...) ... after we store on our record in storage (db, mongo, etc ... ) we call our SecurityUtils.generatePermission(object, owner); to create instance permissions for owner or other ppl, security entities in the system that can have permission for this record ... we also implemented Realms to load these permissions .. and there we have it ... instance based permission ... the Shiro way ... our permission is like ... product:view:PRODUCT_UUID << and instnace permission is stored on security entity ... That's why we use no-sql storage. Sorry for earlier kinda misleading post .. our code was written and rewritten long time ago so I forgot about it ... I just remembered the ideas ... Kind regards Armando -- View this message in context: http://shiro-user.582556.n2.nabble.com/Authentication-with-huge-number-of-entites-tp7581305p7581309.html Sent from the Shiro User mailing list archive at Nabble.com.
