isis-users mailing list archives

From David Tildesley <davo...@yahoo.co.nz>
Subject Re: Shiro with JdbcRealm
Date Mon, 11 Nov 2013 23:59:05 GMT


Firstly, I don't think this value is valid:

"*:Inventory:*:r,w"

It needs to be:
"*:Inventory:*:*"


I don't know what Inventory does but generally you only need to specify the implementation class
in the permission mapping.

David.




On Monday, 11 November 2013 11:59 PM, james agada <okwuiagada@gmail.com> wrote:
 
The other tables.
1. Table - User

USER_ID,DESCRIPTION,NAME,OWNEDBY,PARTY_PARTY_ID_OID,PASSWORD,VERSION
1,"James Agada",james,sven,2,ixzdore,4
2,"Anthonia Eze",Anthonia,sven,3,ANTHONIA,2
3,"sven from isis",sven,sven,2,pass,2
4,"chimaje agada new",chimaje,james,1,chimaje,3

2. Table - Userroles

USERID,ROLEID,IDX
1,1,0
2,2,0
3,3,0
4,3,0

3. Table - Role
ROLE_ID,DESCRIPTION,NAME,OWNEDBY,VERSION
1,"Site Administrator",SITEADMIN,sven,10
2,"Normal Site User",SITEUSER,sven,3
3,"Root Admin Role",admin_role,sven,2


4. Table - RolePermissions
ROLEID,PERMISSIONID,IDX
1,5,0
2,2,0
2,4,1
3,3,0






On Mon, Nov 11, 2013 at 5:17 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:

> I suggest you remove the [users] and [roles] sections from the ini file as
> they are not needed for your purpose and from memory there is some
> side-effect from leaving them in place when not using the iniRealm. It
> would be useful to see the other tables as well.
>
> David.
>
>
>
>
> On Monday, 11 November 2013 3:16 AM, james agada <okwuiagada@gmail.com>
> wrote:
>
> I have struggled with this for some time and I still cannot get the
> behaviour right. Now, it is only a permission of * that works. Any other
> permission and the user cannot see the menu or dashboard. I also have to
> shut down and restart before any permission changes or user definitions
> take effect.
>
> Here is the shiro.ini
>
> #
> # Licensed to the Apache Software Foundation (ASF) under one
> # or more contributor license agreements.  See the NOTICE file
> # distributed with this work for additional information
> # regarding copyright ownership.  The ASF licenses this file
> # to you under the Apache License, Version 2.0 (the
> # "License"); you may not use this file except in compliance
> # with the License.  You may obtain a copy of the License at
> #
> #    http://www.apache.org/licenses/LICENSE-2.0
> #
> # Unless required by applicable law or agreed to in writing,
> # software distributed under the License is distributed on an
> # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> # KIND, either express or implied.  See the License for the
> # specific language governing permissions and limitations
> # under the License.
> #
>
> [main]
> ps = org.apache.shiro.authc.credential.DefaultPasswordService
> pm = org.apache.shiro.authc.credential.PasswordMatcher
> pm.passwordService = $ps
>
> aa = org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
> sm = org.apache.shiro.authc.credential.SimpleCredentialsMatcher
>
> ds = com.jolbox.bonecp.BoneCPDataSource
> ds.driverClass = com.mysql.jdbc.Driver
> ds.jdbcUrl = jdbc:mysql://localhost:3306/myticket
> ds.username = root
> #ds.password =  .
> jdbcRealm.dataSource = $ds
>
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.permissionsLookupEnabled = true
> jdbcRealm.credentialsMatcher = $sm
> builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>
> jdbcRealm.dataSource = $ds
>
> jdbcRealm.authenticationQuery = SELECT password FROM user WHERE name = ?
> jdbcRealm.userRolesQuery = SELECT role.name AS role_name FROM user,userroles, role WHERE user.user_id = userroles.userid AND userroles.roleid = role.role_id AND user.name = ?
> jdbcRealm.permissionsQuery = SELECT permission.permission AS roleper FROM role, permission, rolepermissions WHERE rolepermissions.roleid=role.role_id AND rolepermissions.permissionid = permission.permission_id AND role.name= ?
> securityManager.realms = $jdbcRealm
> securityManager.cacheManager = $builtInCacheManager
> # to use .ini file
> #securityManager.realms = $iniRealm
>
> # -----------------------------------------------------------------------------
> # Users and their assigned roles
> #
> # Each line conforms to the format defined in the
> # org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
> #
> # -----------------------------------------------------------------------------
>
> [users]
> # user = password, role1, role2, role3, ...
>
> sven = pass, admin_role
> dick = pass, user_role, self-install_role
> bob  = pass, user_role, self-install_role
> joe  = pass, user_role, self-install_role
> guest = guest, user_role
>
> # -----------------------------------------------------------------------------
> # Roles with assigned permissions
> #
> # Each line conforms to the format defined in the
> # org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
> #
> # -----------------------------------------------------------------------------
>
> [roles]
> # role = perm1, perm2, perm3, ...
> # perm in format: packageName:className:memberName:r,w
>
> user_role =   *:ToDoItemsJdo:*:*,\
>               *:ToDoItem:*:*
> self-install_role = *:ToDoItemsFixturesService:install:*
> admin_role = *
>
>
> ***
> Here is the permission table
> PERMISSION_ID,DESCRIPTION,NAME,OWNEDBY,PERMISSION,VERSION
> 1,"Create Users",CreateUser,sven,*:ToDoItemsFixturesService:install:*,7
> 2,"View Existing Users",ViewUsers,sven,*:User:*:r,2
> 3,"Root access",ROOT,sven,*,1
> 4,"Setup inventory",SetupInventory,sven,"*:Inventory:*:r,w",1
> 5,todo,TODO,sven,*:Parties:*:*,3
>
>
>
> On Fri, Oct 25, 2013 at 3:27 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:
>
> > Copy us the whole shiro.ini file (blank out any sensitive connection info).
> >
> >
> > David.
> >
> >
> >
> > ________________________________
> >  From: james agada <okwuiagada@gmail.com>
> > To: "users@isis.apache.org" <users@isis.apache.org>
> > Sent: Friday, 25 October 2013 9:23 AM
> > Subject: Shiro with JdbcRealm
> >
> >
> > I have been able to set up Shiro to use a JdbcRealm and authenticate against
> > the database. However, it does not appear to use the permissions. I want to
> > set a role to have permissions only to run the ToDoItems fixture service
> > and I give the permission as so  *:ToDoItemsFixturesService:install:*. But
> > the user with the role still gets access to everything. Is there something
> > I am doing wrong?
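
To see what the rows posted in this thread resolve to, the following added example (not code from the thread, Isis or Shiro) loads them into an in-memory SQLite database, runs the two lookup queries from the posted shiro.ini, and applies a simplified model of Shiro's wildcard matching. The helper names (`granted`, `parts`, `implies`, `is_permitted`) and any requested permission string passed in are assumptions of the example.

```python
import sqlite3

# Rows copied from the tables posted in the thread (only the columns the queries read).
SETUP = """
CREATE TABLE user(user_id, name);
CREATE TABLE role(role_id, name);
CREATE TABLE permission(permission_id, permission);
CREATE TABLE userroles(userid, roleid);
CREATE TABLE rolepermissions(roleid, permissionid);
INSERT INTO user VALUES (1,'james'),(2,'Anthonia'),(3,'sven'),(4,'chimaje');
INSERT INTO role VALUES (1,'SITEADMIN'),(2,'SITEUSER'),(3,'admin_role');
INSERT INTO permission VALUES (1,'*:ToDoItemsFixturesService:install:*'),
  (2,'*:User:*:r'),(3,'*'),(4,'*:Inventory:*:r,w'),(5,'*:Parties:*:*');
INSERT INTO userroles VALUES (1,1),(2,2),(3,3),(4,3);
INSERT INTO rolepermissions VALUES (1,5),(2,2),(2,4),(3,3);
"""
# The two lookups from the posted shiro.ini, unchanged apart from whitespace.
ROLES_Q = ("SELECT role.name AS role_name FROM user,userroles, role "
           "WHERE user.user_id = userroles.userid "
           "AND userroles.roleid = role.role_id AND user.name = ?")
PERMS_Q = ("SELECT permission.permission AS roleper "
           "FROM role, permission, rolepermissions "
           "WHERE rolepermissions.roleid=role.role_id "
           "AND rolepermissions.permissionid = permission.permission_id "
           "AND role.name= ?")

db = sqlite3.connect(":memory:")
db.executescript(SETUP)

# Helper names below are this example's own, not Shiro or Isis API.
def granted(user):
    """Permission strings a user ends up with: roles first, then one lookup per role."""
    roles = [r[0] for r in db.execute(ROLES_Q, (user,))]
    return sorted({p[0] for role in roles for p in db.execute(PERMS_Q, (role,))})

def parts(perm):
    # ':' separates parts, ',' separates subparts; comparison is case-insensitive.
    return [{s.strip().lower() for s in part.split(",")} for part in perm.split(":")]

def implies(grant, wanted):
    g, w = parts(grant), parts(wanted)
    for i, wanted_part in enumerate(w):
        if i >= len(g):
            return True                  # a shorter grant covers everything beneath it
        if "*" not in g[i] and not wanted_part <= g[i]:
            return False
    return all("*" in extra for extra in g[len(w):])  # leftover grant parts must be '*'

def is_permitted(user, wanted):
    return any(implies(p, wanted) for p in granted(user))
```

For instance, `is_permitted("james", "dom:Parties:list:r")` is true while the same request for a `ToDoItems` member is false; `dom` is a made-up package name.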