isis-users mailing list archives

From james agada <okwuiag...@gmail.com>
Subject Re: Shiro with JdbcRealm
Date Tue, 12 Nov 2013 05:43:16 GMT
I know but that should be only when I use that permission.

Sent from my iPhone

> On Nov 12, 2013, at 12:59 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:
>
>
>
> Firstly, I don't think this value is valid:
>
> "*:Inventory:*:r,w"
>
> It needs to be:
> "*:Inventory:*:*"
>
>
> I don't know what Inventory does but generally you only need to specify the implementation
> class in the permission mapping.
>
> David.
>
>
>
>
> On Monday, 11 November 2013 11:59 PM, james agada <okwuiagada@gmail.com> wrote:
>
> The other tables.
> 1. Table - User
>
> USER_ID,DESCRIPTION,NAME,OWNEDBY,PARTY_PARTY_ID_OID,PASSWORD,VERSION
> 1,"James Agada",james,sven,2,ixzdore,4
> 2,"Anthonia Eze",Anthonia,sven,3,ANTHONIA,2
> 3,"sven from isis",sven,sven,2,pass,2
> 4,"chimaje agada new",chimaje,james,1,chimaje,3
>
> 2. Table -Userroles
>
> USERID,ROLEID,IDX
> 1,1,0
> 2,2,0
> 3,3,0
> 4,3,0
>
> 3. Table - Role
> ROLE_ID,DESCRIPTION,NAME,OWNEDBY,VERSION
> 1,"Site Administrator",SITEADMIN,sven,10
> 2,"Normal Site User",SITEUSER,sven,3
> 3,"Root Admin Role",admin_role,sven,2
>
>
> 4. Table - RolePermissions
> ROLEID,PERMISSIONID,IDX
> 1,5,0
> 2,2,0
> 2,4,1
> 3,3,0
>
>
>
>
>
>
> On Mon, Nov 11, 2013 at 5:17 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:
>
>> I suggest you remove the [users] and [roles] sections from the ini file as
>> they are not needed for your purpose and from memory there is some
>> side-effect from leaving them in place when not using the iniRealm. It
>> would be useful to see the other tables as well.
>>
>> David.
>>
>>
>>
>>
>> On Monday, 11 November 2013 3:16 AM, james agada <okwuiagada@gmail.com>
>> wrote:
>>
>> I have struggled with this for some time and I still cannot get the
>> behaviour right. Now, it is only a permission of * that works. Any other
>> permission and the user cannot see the menu or dashboard. I also have to
>> shut down and restart before any permission changes or user definitions
>> take effect.
>>
>> Here is the shiro.ini
>>
>> #
>> # Licensed to the Apache Software Foundation (ASF) under one
>> # or more contributor license agreements.  See the NOTICE file
>> # distributed with this work for additional information
>> # regarding copyright ownership.  The ASF licenses this file
>> # to you under the Apache License, Version 2.0 (the
>> # "License"); you may not use this file except in compliance
>> # with the License.  You may obtain a copy of the License at
>> #
>> #    http://www.apache.org/licenses/LICENSE-2.0
>> #
>> # Unless required by applicable law or agreed to in writing,
>> # software distributed under the License is distributed on an
>> # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> # KIND, either express or implied.  See the License for the
>> # specific language governing permissions and limitations
>> # under the License.
>> #
>>
>> [main]
>> ps = org.apache.shiro.authc.credential.DefaultPasswordService
>> pm = org.apache.shiro.authc.credential.PasswordMatcher
>> pm.passwordService = $ps
>>
>> aa = org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
>> sm = org.apache.shiro.authc.credential.SimpleCredentialsMatcher
>>
>> ds = com.jolbox.bonecp.BoneCPDataSource
>> ds.driverClass = com.mysql.jdbc.Driver
>> ds.jdbcUrl = jdbc:mysql://localhost:3306/myticket
>> ds.username = root
>> #ds.password =  .
>> jdbcRealm.dataSource = $ds
>>
>> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
>> jdbcRealm.permissionsLookupEnabled = true
>> jdbcRealm.credentialsMatcher = $sm
>> builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>>
>> jdbcRealm.dataSource = $ds
>>
>> jdbcRealm.authenticationQuery = SELECT password FROM user WHERE name = ?
>> jdbcRealm.userRolesQuery = SELECT role.name AS role_name FROM user,userroles, role WHERE  user.user_id = userroles.userid AND userroles.roleid = role.role_id AND user.name = ?
>> jdbcRealm.permissionsQuery = SELECT permission.permission AS roleper FROM role, permission, rolepermissions WHERE rolepermissions.roleid=role.role_id AND rolepermissions.permissionid = permission.permission_id AND role.name= ?
>> securityManager.realms = $jdbcRealm
>> securityManager.cacheManager = $builtInCacheManager
>> # to use .ini file
>> #securityManager.realms = $iniRealm
>>
>> # -----------------------------------------------------------------------------
>> # Users and their assigned roles
>> #
>> # Each line conforms to the format defined in the
>> # org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
>> # -----------------------------------------------------------------------------
>>
>> [users]
>> # user = password, role1, role2, role3, ...
>>
>> sven = pass, admin_role
>> dick = pass, user_role, self-install_role
>> bob  = pass, user_role, self-install_role
>> joe  = pass, user_role, self-install_role
>> guest = guest, user_role
>>
>> # -----------------------------------------------------------------------------
>> # Roles with assigned permissions
>> #
>> # Each line conforms to the format defined in the
>> # org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
>> # -----------------------------------------------------------------------------
>>
>> [roles]
>> # role = perm1, perm2, perm3, ...
>> # perm in format: packageName:className:memberName:r,w
>>
>> user_role =   *:ToDoItemsJdo:*:*,\
>>                *:ToDoItem:*:*
>> self-install_role = *:ToDoItemsFixturesService:install:*
>> admin_role = *
>>
>>
>> ***
>> Here is the permission table
>> PERMISSION_ID,DESCRIPTION,NAME,OWNEDBY,PERMISSION,VERSION
>> 1,"Create Users",CreateUser,sven,*:ToDoItemsFixturesService:install:*,7
>> 2,"View Existing Users",ViewUsers,sven,*:User:*:r,2
>> 3,"Root access",ROOT,sven,*,1
>> 4,"Setup inventory",SetupInventory,sven,"*:Inventory:*:r,w",1
>> 5,todo,TODO,sven,*:Parties:*:*,3
>>
>>
>>
>> On Fri, Oct 25, 2013 at 3:27 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:
>>
>>> Copy us the whole shiro.ini file (blank out any sensitive connection info).
>>>
>>>
>>> David.
>>>
>>>
>>>
>>> ________________________________
>>>   From: james agada <okwuiagada@gmail.com>
>>> To: "users@isis.apache.org" <users@isis.apache.org>
>>> Sent: Friday, 25 October 2013 9:23 AM
>>> Subject: Shiro with JdbcRealm
>>>
>>>
>>> I have been able to set up Shiro to use a jdbcrealm and authenticate against
>>> the database. However, it does not appear to use the permissions. I want to
>>> set a role to have permissions only to run the ToDoItems fixture service
>>> and I give the permission as so  *:ToDoItemsFixturesService:install:*. But
>>> the user with the role still gets access to everything. Is there something
>>> I am doing wrong?
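
How the permission strings from the tables quoted above behave under wildcard matching, as an added example that is not part of the original thread. It is a small Python model of the matching rules of Shiro's WildcardPermission (parts split on ":", subparts on ",", "*" as wildcard), not Shiro or Isis code; the requested permissions, the `dom` package name and the member names are constructed for illustration.

```python
# Python model of the matching rules used by Shiro's WildcardPermission.
# Added illustration, not Shiro or Isis code.

# Role name -> permission strings, joined by hand from the Role,
# RolePermissions and permission tables quoted in the thread.
ROLE_PERMS = {
    "SITEADMIN": ["*:Parties:*:*"],
    "SITEUSER": ["*:User:*:r", "*:Inventory:*:r,w"],
    "admin_role": ["*"],
}

def parse(perm):
    """Split on ':' into parts and each part on ',' into a set of subparts."""
    return [{s.strip().lower() for s in part.split(",")}
            for part in perm.strip().split(":")]

def implies(granted, requested):
    """True if the granted permission string covers the requested one."""
    g, r = parse(granted), parse(requested)
    for i, wanted in enumerate(r):
        if i >= len(g):
            return True  # granted has fewer parts: the rest is implied
        if "*" not in g[i] and not wanted <= g[i]:
            return False  # this part is neither a wildcard nor a superset
    # granted has more parts than requested: the extra ones must be wildcards
    return all("*" in part for part in g[len(r):])

def role_allows(role, requested):
    """True if any permission string held by the role covers the request."""
    return any(implies(p, requested) for p in ROLE_PERMS[role])

if __name__ == "__main__":
    # Constructed requests in the packageName:className:memberName:r|w form;
    # the "dom" package and the member names are assumptions.
    for req in ("dom:User:name:r", "dom:User:name:w",
                "dom:Inventory:name:w", "dom:ToDoItem:description:r"):
        print(req, {role: role_allows(role, req) for role in ROLE_PERMS})
```

A role holding only class-scoped strings is denied every class it does not name, while the single-part `*` covers any request because a shorter granted permission implies all trailing parts.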
