shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SHIRO-534) Provide better documentation around permissions
Date Wed, 13 Jul 2016 18:32:20 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Brian Demers updated SHIRO-534:
-------------------------------
    Fix Version/s:     (was: 1.3.0)
      Component/s: Documentation

> Provide better documentation around permissions
> -----------------------------------------------
>
>                 Key: SHIRO-534
>                 URL: https://issues.apache.org/jira/browse/SHIRO-534
>             Project: Shiro
>          Issue Type: Documentation
>          Components: Documentation
>            Reporter: Kamal
>              Labels: documentation
>
> I was playing around with custom realms and I setup the following AuthorizingRealm:-
> {code}
> public class TestRealm extends AuthorizingRealm
> {
>     @Override
>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken inToken)
throws AuthenticationException
>     {
>         UsernamePasswordToken upToken = (UsernamePasswordToken) inToken;
>         if (upToken.getUsername().equals("Kamal") || upToken.getUsername().equals("NotKamal"))
>             return new SimpleAuthenticationInfo(upToken.getUsername(), upToken.getPassword(),
getName());
>         return null;
>     }
>     @Override
>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection inPrincipals)
>     {
>         String username = (String) inPrincipals.fromRealm(getName()).iterator().next();
>         SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
>         authzInfo.addRole("User");
>         if (username.equals("Kamal"))
>         {
>             authzInfo.addStringPermission("PRODMA:READ:AU");
>             authzInfo.addStringPermission("PRODMA:WRITE:AU");
>             authzInfo.addStringPermission("PRODMA:READ:KB");
>             authzInfo.addStringPermission("PRODMA:WRITE:KB");
>             authzInfo.addStringPermission("SUPPMA:READ:KB");
>         }
>         else
>         {
>             authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
>         }
>         return authzInfo;
>     }
> }
> {code}
> I then setup the following resource (I am using Guice + Jersey):-
> {code}
> @Path("/{client}/shiroResource")
> public class ShiroResource
> {
>     private static final Logger LOG = LoggerFactory.getLogger(ShiroResource.class);
>     private HttpSession mSession;
>     @Inject
>     public ShiroResource(HttpSession inSession)
>     {
>         mSession = inSession;
>     }
>     @POST
>     @Path("requiresProdma.do")
>     @Produces(MediaType.APPLICATION_JSON)
>     @Consumes(MediaType.APPLICATION_JSON)
>     @RequiresPermissions({ "PRODMA:*:*" })
>     public String prodmaRequired()
>     {
>         return "Success";
>     }
>     @GET
>     @Path("requiresSuppma.do")
>     @Produces(MediaType.APPLICATION_JSON)
>     @Consumes(MediaType.APPLICATION_JSON)
>     @RequiresPermissions("PRODMA:*")
>     public String suppmaRequired()
>     {
>         return "Success";
>     }
> }
> {code}
> Now, if I login as NotKamal I have access to ShiroResource,suppmaRequired, but if I login
as Kamal, I won't.  It took me a while to work out that I needed to specify the permission
string like this:-
> {code}            authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
> {code}
> i feel that this is a bit unintuitive, but I guess it is what it is.  Can we provide
better examples of setting up a custom realm with permissions?  Preferably one which supports
custom wildcards.
> Thanks.
> Kamal.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message