shiro-dev mailing list archives

From "Maria Jurcovicova (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-314) Authorization ANTLR Grammar
Date Wed, 20 Jul 2011 21:27:59 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13068654#comment-13068654 ]

Maria Jurcovicova commented on SHIRO-314:
-----------------------------------------

I started with a grammar and would like to get some feedback on it. Demo proof-of-concept
parser is in the GrammarDemoProofOfConcept.rar attachment.

The grammar has four operators:
*  and &&
*  or  ||
*  not  !
*  parentheses ( )

and two built-in functions:
* role,
* permission.

Example:
  @Secured("permission('account:1 0:test') && (permission('print paper') || !role('role'))")

--------------- Escaping: 
Theoretically, the symbol ' might be used in role or permission name. To escape it, use /.
Example:
  @Secured("permission('some role with /' symbol')") 
  @Secured("role('some role with // symbol')") 
 
The symbol \ is more standard, but that one has to be escaped in Java. E.g. the user would
have to write
  role('name with \\' in it') instead of role('name with /' in it') to get "name with ' in it"
  role('name with \\\\ in it') instead of role('name with // in it') to get "name with \ in it" or "name with / in it"

--------------- Shortcut 1: 
As expressions might get too long, both role and permission functions take n parameters:
* role(role_1, role_2,  ..., role_n),
* permission(permission_1, permission_2, ..., permission_n).

The role function returns true if the currently logged-in user has all specified roles. The permission
function returns true if the currently logged-in user has all specified permissions.

Example:
  @Secured("role('traveling sales', 'employee')") 
  is equivalent to 
  @Secured("role('traveling sales') && role('employee')") 
  
  @Secured("permission('account:1', 'print')") 
  is equivalent to 
  @Secured("permission('account:1') && permission('print')") 

--------------- Shortcut 2: 
I assume that roles are used more often. If neither role nor permission function is specified,
role is assumed.

Example:
  @Secured("'traveling sales' && 'employee' || 'some role'")
  is equivalent to 
  @Secured("role('traveling sales') && role('employee') || role('some role')") 


> Authorization ANTLR Grammar
> ---------------------------
>
>                 Key: SHIRO-314
>                 URL: https://issues.apache.org/jira/browse/SHIRO-314
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Authorization (access control) 
>            Reporter: Maria Jurcovicova
>         Attachments: GrammarDemoProofOfConcept.rar
>
>
> Create a single annotation that would translate the expression into the relevant hasRole/isPermitted calls.
> Details are on wiki https://cwiki.apache.org/confluence/display/SHIRO/Version+2+Brainstorming#Version2Brainstorming-AuthorizationANTLRGrammar .

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
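
A sketch of an evaluator for the grammar described in the comment above, added here as an example; it is not the attached ANTLR proof of concept and not Shiro code. Assumptions: Python instead of ANTLR/Java, `!` binds tighter than `&&` and `&&` tighter than `||`, names are matched exactly against the caller-supplied `roles` and `permissions` sets, and any malformed expression raises `ValueError` instead of producing an access decision.

```python
import re
# One token: operator, parenthesis, comma, function name, or '...' string with / escapes.
TOKEN = r"\s*(&&|\|\||!|\(|\)|,|role\b|permission\b|'(?:/.|[^'/])*')"

def evaluate(expr, roles, permissions):
    if not re.fullmatch(rf"(?:{TOKEN})*\s*", expr):
        raise ValueError("malformed expression")  # unknown symbol or open string: fail closed
    toks, pos = re.findall(TOKEN, expr), 0
    def accept(tok):  # consume tok if it is next
        nonlocal pos
        if pos < len(toks) and toks[pos] == tok:
            pos += 1
            return True
        return False
    def expect(tok):
        if not accept(tok):
            raise ValueError(f"expected {tok!r}")
    def name():  # quoted string; /' becomes ' and // becomes /
        nonlocal pos
        if pos >= len(toks) or not toks[pos].startswith("'"):
            raise ValueError("expected a quoted name")
        pos += 1
        return re.sub(r"/(.)", r"\1", toks[pos - 1][1:-1])
    def unary():
        if accept("!"):
            return not unary()
        if accept("("):
            value = or_expr()
            expect(")")
            return value
        for func, granted in (("role", roles), ("permission", permissions)):
            if accept(func):
                expect("(")
                wanted = [name()]
                while accept(","):
                    wanted.append(name())
                expect(")")
                return all(n in granted for n in wanted)  # Shortcut 1; exact match assumed
        return name() in roles  # Shortcut 2: a bare string is a role
    def binary(op, operand, combine):
        value = operand()
        while accept(op):
            value = combine(value, operand())  # right side is always parsed, never skipped
        return value
    def and_expr(): return binary("&&", unary, lambda a, b: a and b)  # assumed precedence
    def or_expr(): return binary("||", and_expr, lambda a, b: a or b)
    result = or_expr()
    if pos != len(toks):
        raise ValueError("unexpected trailing input")
    return result
```

Because the right-hand operand is parsed even when the left side already decides the result, a syntax error anywhere in the annotation is reported rather than silently ignored.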
