
Apache Shiro, permission control from database


I need to implement a security framework in a desktop application that I'm developing to control authentication and user permission control. I've heard that Shiro is an easy and flexible framework to work with. Unfortunately I've only encountered web-based application examples.

What I'm looking for is how to retrieve permissions levels and users from a database and then use them with Shiro. Has anyone developed something like this before, or know any tutorial that I could check? I need an idea of how to structure my database tables, and how to read permissions with Shiro.


Solution

  • Shiro does not concern itself with what your User model looks like. It provides interfaces, namely Subject and Realm, and its children AuthenticatingRealm and AuthorizingRealm, for interacting with that model in whichever way you want.

    A custom implementation of AuthenticatingRealm will implement the doGetAuthenticationInfo method, in which you use your user model to create an AuthenticationInfo object that holds the authentication information for a principal or user.

    You would do a similar action for authorization. Calling Subject#isPermitted(String) will, further down the stack, check an AuthorizationInfo object for authorization information which you retrieved from your database or other source (xml, plain text, etc.).

    So just implement your own AuthenticatingRealm and AuthorizingRealm (possibly in the same class) and register them with the SecurityManager.
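
The following is an added example, not code from the question or the answer above, showing the realm described there backed by a database in a standalone (non-web) application. It assumes Shiro 1.x (`shiro-core`) and H2 on the classpath; the table layout (`users`, `roles`, `user_roles`, `role_permissions`), the class names and the sample user are my own choices. Passwords are stored as salted, iterated SHA-256 hashes and compared by Shiro's `HashedCredentialsMatcher`, and every lookup uses a parameterized query.

```java
// Added example (Shiro 1.x + H2 assumed); not part of the original question or answer.
import java.security.SecureRandom;
import java.sql.*;
import javax.sql.DataSource;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.h2.jdbcx.JdbcDataSource;

public class DbRealmExample {
    static final int ITERATIONS = 500_000;   // hash iterations, must match what is stored

    /** AuthorizingRealm (which already extends AuthenticatingRealm) backed by JDBC tables. */
    static class DbRealm extends AuthorizingRealm {
        private final DataSource ds;

        DbRealm(DataSource ds) {
            this.ds = ds;
            HashedCredentialsMatcher m = new HashedCredentialsMatcher("SHA-256");
            m.setHashIterations(ITERATIONS);
            setCredentialsMatcher(m);   // Shiro hashes the submitted password with the stored salt and compares
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = ((UsernamePasswordToken) token).getUsername();
            String sql = "SELECT password_hash, salt FROM users WHERE username = ?";
            try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
                ps.setString(1, username);
                try (ResultSet rs = ps.executeQuery()) {
                    if (!rs.next()) return null;   // unknown user: Shiro raises UnknownAccountException
                    return new SimpleAuthenticationInfo(username, rs.getString(1),
                            ByteSource.Util.bytes(rs.getBytes(2)), getName());
                }
            } catch (SQLException e) {
                throw new AuthenticationException("credential lookup failed", e);
            }
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String username = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            String sql = "SELECT r.name, p.permission FROM roles r "
                       + "JOIN user_roles ur ON ur.role_id = r.id "
                       + "LEFT JOIN role_permissions p ON p.role_id = r.id "
                       + "WHERE ur.username = ?";
            try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
                ps.setString(1, username);
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        info.addRole(rs.getString(1));
                        if (rs.getString(2) != null) info.addStringPermission(rs.getString(2));
                    }
                }
            } catch (SQLException e) {
                throw new AuthorizationException("permission lookup failed", e);
            }
            return info;
        }
    }

    public static void main(String[] args) throws Exception {
        JdbcDataSource ds = new JdbcDataSource();
        ds.setURL("jdbc:h2:mem:shiro;DB_CLOSE_DELAY=-1");
        try (Connection c = ds.getConnection(); Statement st = c.createStatement()) {
            st.execute("CREATE TABLE users(username VARCHAR PRIMARY KEY, password_hash VARCHAR, salt BINARY(16))");
            st.execute("CREATE TABLE roles(id INT PRIMARY KEY, name VARCHAR)");
            st.execute("CREATE TABLE user_roles(username VARCHAR, role_id INT)");
            st.execute("CREATE TABLE role_permissions(role_id INT, permission VARCHAR)");
            // Constructed sample data: one user with one role carrying two permissions.
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            String hash = new Sha256Hash("correct horse", salt, ITERATIONS).toHex();
            try (PreparedStatement ps = c.prepareStatement("INSERT INTO users VALUES (?,?,?)")) {
                ps.setString(1, "alice"); ps.setString(2, hash); ps.setBytes(3, salt); ps.execute();
            }
            st.execute("INSERT INTO roles VALUES (1,'clerk')");
            st.execute("INSERT INTO user_roles VALUES ('alice',1)");
            st.execute("INSERT INTO role_permissions VALUES (1,'invoice:read'),(1,'invoice:create')");
        }
        // Register the realm with a SecurityManager; no servlet container is involved.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DbRealm(ds)));
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("alice", "correct horse"));
        System.out.println(subject.hasRole("clerk"));               // true
        System.out.println(subject.isPermitted("invoice:read"));    // true
        System.out.println(subject.isPermitted("invoice:delete"));  // false
        subject.logout();
    }
}
```

Returning `null` from `doGetAuthenticationInfo` for an unknown user lets Shiro raise `UnknownAccountException`, while a wrong password raises `IncorrectCredentialsException` from the matcher; catch `AuthenticationException` around `login` and show the user a single generic failure message rather than distinguishing the two.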