isis-users mailing list archives

From David Tildesley <davo...@yahoo.co.nz>
Subject Re: Shiro with JdbcRealm
Date Tue, 12 Nov 2013 09:26:49 GMT
> I know but that should be only when I use that permission.


Assumptions you can't afford - make those suggested corrections (all of them) and try again.

>I also define entities for user, permission and role in my isis app.
>These entities map to the tables used by shiro.
>Could there be conflict between shiro using the tables via jdbc and
>Isis using the entities?


Probably not - unless you are getting errors that indicate an issue. You could temporarily
remove the ISIS entities to know for sure.




On Tuesday, 12 November 2013 6:53 PM, james agada <okwuiagada@gmail.com> wrote:
 
I also define entities for user, permission and role in my isis app.
These entities map to the tables used by shiro.
Could there be conflict between shiro using the tables via jdbc and
Isis using the entities?

Sent from my iPhone


> On Nov 12, 2013, at 12:59 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:
>
>
>
> Firstly, I don't think this value is valid:
>
> "*:Inventory:*:r,w"
>
> It needs to be:
> "*:Inventory:*:*"
>
>
> I don't know what Inventory does but generally you only need to specify the implementation class in the permission mapping.
>
> David.
>
>
>
>
> On Monday, 11 November 2013 11:59 PM, james agada <okwuiagada@gmail.com> wrote:
>
> The other tables.
> 1. Table - User
>
> USER_ID,DESCRIPTION,NAME,OWNEDBY,PARTY_PARTY_ID_OID,PASSWORD,VERSION
> 1,"James Agada",james,sven,2,ixzdore,4
> 2,"Anthonia Eze",Anthonia,sven,3,ANTHONIA,2
> 3,"sven from isis",sven,sven,2,pass,2
> 4,"chimaje agada new",chimaje,james,1,chimaje,3
>
> 2. Table -Userroles
>
> USERID,ROLEID,IDX
> 1,1,0
> 2,2,0
> 3,3,0
> 4,3,0
>
> 3. Table - Role
> ROLE_ID,DESCRIPTION,NAME,OWNEDBY,VERSION
> 1,"Site Administrator",SITEADMIN,sven,10
> 2,"Normal Site User",SITEUSER,sven,3
> 3,"Root Admin Role",admin_role,sven,2
>
>
> 4. Table - RolePermissions
> ROLEID,PERMISSIONID,IDX
> 1,5,0
> 2,2,0
> 2,4,1
> 3,3,0
>
>
>
>
>
>
> On Mon, Nov 11, 2013 at 5:17 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:
>
>> I suggest you remove the [users] and [roles] sections from the ini file as
>> they are not needed for your purpose and from memory there is some
>> side-effect from leaving them in place when not using the iniRealm. It
>> would be useful to see the other tables as well.
>>
>> David.
>>
>>
>>
>>
>> On Monday, 11 November 2013 3:16 AM, james agada <okwuiagada@gmail.com>
>> wrote:
>>
>> I have struggled with this for some time and I still cannot get the
>> behaviour right. Now, it is only a permission of * that works. Any other
>> permission and the user cannot see the menu or dashboard. I also have to
>> shut down and restart before any permission changes or user definitions
>> take effect.
>>
>> Here is the shiro.ini
>>
>> #
>> # Licensed to the Apache Software Foundation (ASF) under one
>> # or more contributor license agreements.  See the NOTICE file
>> # distributed with this work for additional information
>> # regarding copyright ownership.  The ASF licenses this file
>> # to you under the Apache License, Version 2.0 (the
>> # "License"); you may not use this file except in compliance
>> # with the License.  You may obtain a copy of the License at
>> #
>> #    http://www.apache.org/licenses/LICENSE-2.0
>> #
>> # Unless required by applicable law or agreed to in writing,
>> # software distributed under the License is distributed on an
>> # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> # KIND, either express or implied.  See the License for the
>> # specific language governing permissions and limitations
>> # under the License.
>> #
>>
>> [main]
>> ps = org.apache.shiro.authc.credential.DefaultPasswordService
>> pm = org.apache.shiro.authc.credential.PasswordMatcher
>> pm.passwordService = $ps
>>
>> aa = org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
>> sm = org.apache.shiro.authc.credential.SimpleCredentialsMatcher
>>
>> ds = com.jolbox.bonecp.BoneCPDataSource
>> ds.driverClass = com.mysql.jdbc.Driver
>> ds.jdbcUrl = jdbc:mysql://localhost:3306/myticket
>> ds.username = root
>> #ds.password =  .
>> jdbcRealm.dataSource = $ds
>>
>> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
>> jdbcRealm.permissionsLookupEnabled = true
>> jdbcRealm.credentialsMatcher = $sm
>> builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>
>> jdbcRealm.dataSource = $ds
>>
>> jdbcRealm.authenticationQuery = SELECT password FROM user WHERE name = ?
>> jdbcRealm.userRolesQuery = SELECT role.name AS role_name FROM user,userroles, role WHERE  user.user_id = userroles.userid AND userroles.roleid = role.role_id AND user.name = ?
>> jdbcRealm.permissionsQuery = SELECT permission.permission AS roleper FROM role, permission, rolepermissions WHERE rolepermissions.roleid=role.role_id AND rolepermissions.permissionid = permission.permission_id AND role.name= ?
>> securityManager.realms = $jdbcRealm
>> securityManager.cacheManager = $builtInCacheManager
>> # to use .ini file
>> #securityManager.realms = $iniRealm
>>
>> # -----------------------------------------------------------------------------
>> # Users and their assigned roles
>> #
>> # Each line conforms to the format defined in the
>> # org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
>> # -----------------------------------------------------------------------------
>>
>> [users]
>> # user = password, role1, role2, role3, ...
>>
>> sven = pass, admin_role
>> dick = pass, user_role, self-install_role
>> bob  = pass, user_role, self-install_role
>> joe  = pass, user_role, self-install_role
>> guest = guest, user_role
>>
>> # -----------------------------------------------------------------------------
>> # Roles with assigned permissions
>> #
>> # Each line conforms to the format defined in the
>> # org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
>> # -----------------------------------------------------------------------------
>>
>> [roles]
>> # role = perm1, perm2, perm3, ...
>> # perm in format: packageName:className:memberName:r,w
>>
>> user_role =   *:ToDoItemsJdo:*:*,\
>>                *:ToDoItem:*:*
>> self-install_role = *:ToDoItemsFixturesService:install:*
>> admin_role = *
>>
>>
>> ***
>> Here is the permission table
>> PERMISSION_ID,DESCRIPTION,NAME,OWNEDBY,PERMISSION,VERSION
>> 1,"Create Users",CreateUser,sven,*:ToDoItemsFixturesService:install:*,7
>> 2,"View Existing Users",ViewUsers,sven,*:User:*:r,2
>> 3,"Root access",ROOT,sven,*,1
>> 4,"Setup inventory",SetupInventory,sven,"*:Inventory:*:r,w",1
>> 5,todo,TODO,sven,*:Parties:*:*,3
>>
>>
>>
>> On Fri, Oct 25, 2013 at 3:27 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:
>>
>>> Copy us the whole shiro.ini file (blank out any sensitive connection info).
>>>
>>>
>>> David.
>>>
>>>
>>>
>>> ________________________________
>>>   From: james agada <okwuiagada@gmail.com>
>>> To: "users@isis.apache.org" <users@isis.apache.org>
>>> Sent: Friday, 25 October 2013 9:23 AM
>>> Subject: Shiro with JdbcRealm
>>>
>>>
>>> I have been able to set up Shiro to use a JdbcRealm and authenticate against
>>> the database. However, it does not appear to use the permissions. I want to
>>> set a role to have permissions only to run the ToDoItems fixture service
>>> and I give the permission as so  *:ToDoItemsFixturesService:install:*. But
>>> the user with the role still gets access to everything. Is there something
>>> I am doing wrong?