isis-users mailing list archives

From james agada <okwuiag...@gmail.com>
Subject Re: Shiro with JdbcRealm
Date Sun, 10 Nov 2013 14:15:51 GMT
I have struggled with this for some time and I still cannot get the
behaviour right. Now, it is only a permission of * that works. Any other
permission and the user cannot see the menu or dashboard. I also have to
shut down and restart before any permission changes or user definitions
take effect.

Here is the shiro.ini

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#

[main]
ps = org.apache.shiro.authc.credential.DefaultPasswordService
pm = org.apache.shiro.authc.credential.PasswordMatcher
pm.passwordService = $ps

aa = org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
sm = org.apache.shiro.authc.credential.SimpleCredentialsMatcher

ds = com.jolbox.bonecp.BoneCPDataSource
ds.driverClass = com.mysql.jdbc.Driver
ds.jdbcUrl = jdbc:mysql://localhost:3306/myticket
ds.username = root
#ds.password =  .
jdbcRealm.dataSource = $ds

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.credentialsMatcher = $sm
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager

jdbcRealm.dataSource = $ds

jdbcRealm.authenticationQuery = SELECT password FROM user WHERE name = ?
jdbcRealm.userRolesQuery = SELECT role.name AS role_name FROM user,userroles, role WHERE  user.user_id = userroles.userid AND userroles.roleid = role.role_id AND user.name = ?
jdbcRealm.permissionsQuery = SELECT permission.permission AS roleper FROM role, permission, rolepermissions WHERE rolepermissions.roleid=role.role_id AND rolepermissions.permissionid = permission.permission_id AND role.name = ?
securityManager.realms = $jdbcRealm
securityManager.cacheManager = $builtInCacheManager
# to use .ini file
#securityManager.realms = $iniRealm

# -----------------------------------------------------------------------------
# Users and their assigned roles
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
# -----------------------------------------------------------------------------

[users]
# user = password, role1, role2, role3, ...

sven = pass, admin_role
dick = pass, user_role, self-install_role
bob  = pass, user_role, self-install_role
joe  = pass, user_role, self-install_role
guest = guest, user_role

# -----------------------------------------------------------------------------
# Roles with assigned permissions
#
# Each line conforms to the format defined in the
# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
# -----------------------------------------------------------------------------

[roles]
# role = perm1, perm2, perm3, ...
# perm in format: packageName:className:memberName:r,w

user_role =   *:ToDoItemsJdo:*:*,\
              *:ToDoItem:*:*
self-install_role = *:ToDoItemsFixturesService:install:*
admin_role = *


***
Here is the permission table
PERMISSION_ID,DESCRIPTION,NAME,OWNEDBY,PERMISSION,VERSION
1,"Create Users",CreateUser,sven,*:ToDoItemsFixturesService:install:*,7
2,"View Existing Users",ViewUsers,sven,*:User:*:r,2
3,"Root access",ROOT,sven,*,1
4,"Setup inventory",SetupInventory,sven,"*:Inventory:*:r,w",1
5,todo,TODO,sven,*:Parties:*:*,3


On Fri, Oct 25, 2013 at 3:27 AM, David Tildesley <davotnz@yahoo.co.nz> wrote:

> Copy us the whole shiro.ini file (blank out any sensitive connection info).
>
>
> David.
>
>
>
> ________________________________
>  From: james agada <okwuiagada@gmail.com>
> To: "users@isis.apache.org" <users@isis.apache.org>
> Sent: Friday, 25 October 2013 9:23 AM
> Subject: Shiro with JdbcRealm
>
>
> I have been able to set up Shiro to use a jdbcrealm and authenticate against
> the database. However, it does not appear to use the permissions. I want to
> set a role to have permissions only to run the ToDoItems fixture service
> and I give the permission as so  *:ToDoItemsFixturesService:install:*. But
> the user with the role still gets access to everything. Is there something
> I am doing wrong?
