I need to implement a security framework in a desktop application that I'm developing to control authentication and user permission control. I've heard that Shiro is an easy and flexible framework to work with. Unfortunately I've only encountered web-based application examples.
What I'm looking for is how to retrieve permission levels and users from a database and then use them with Shiro. Has anyone developed something like this before, or know of any tutorial that I could check? I need an idea of how to structure my database tables, and how to read permissions with Shiro.
Shiro does not concern itself with what your User model looks like. It provides interfaces, namely Subject and Realm, and its children AuthenticatingRealm and AuthorizingRealm, for interacting with that model in whichever way you want.
A custom implementation of AuthenticatingRealm will implement the doGetAuthenticationInfo method, in which you use your user model to create an AuthenticationInfo object that holds the authentication information for a principal or user.
You would do a similar action for authorization. Calling Subject#isPermitted(String) will, further down the stack, check an AuthorizationInfo object for authorization information which you retrieved from your database or other source (xml, plain text, etc.).
So just implement your own AuthenticatingRealm and AuthorizingRealm (possibly in the same class) and register them with the SecurityManager.
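A sketch of the realm described in the answer above, added here as an example and not taken from the original post or from Shiro's own code. The class name `DbRealm`, the two-table schema and the injected `DataSource` are assumptions; the password column is assumed to hold a hash produced by Shiro's `DefaultPasswordService`, so credentials are never compared in plaintext.

```java
import java.sql.*;
import javax.sql.DataSource;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Assumed schema (hypothetical, not from the original post):
//   users(username PRIMARY KEY, password_hash)  -- DefaultPasswordService.encryptPassword output
//   user_permissions(username, permission)      -- wildcard strings such as "invoice:read"
public class DbRealm extends AuthorizingRealm {
    private final DataSource ds;

    public DbRealm(DataSource ds) {
        this.ds = ds;
        // Verify against a salted hash instead of the default plaintext equality check.
        setCredentialsMatcher(new PasswordMatcher());
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = ((UsernamePasswordToken) token).getUsername();
        String sql = "SELECT password_hash FROM users WHERE username = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username); // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) throw new UnknownAccountException("no such account");
                // Shiro's matcher compares this stored hash with the submitted password.
                return new SimpleAuthenticationInfo(username, rs.getString(1), getName());
            }
        } catch (SQLException e) {
            throw new AuthenticationException("user lookup failed", e);
        }
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String sql = "SELECT permission FROM user_permissions WHERE username = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, (String) principals.getPrimaryPrincipal());
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) info.addStringPermission(rs.getString(1));
            }
        } catch (SQLException e) {
            // Fail closed: a lookup error denies access rather than granting an empty check.
            throw new AuthorizationException("permission lookup failed", e);
        }
        return info;
    }
}
```

In a desktop application there is no servlet filter, so the realm is registered once at startup with `SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DbRealm(dataSource)))`. After `SecurityUtils.getSubject().login(new UsernamePasswordToken(user, password))`, calls to `Subject#isPermitted` are answered from `doGetAuthorizationInfo`.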