shiro-user mailing list archives

From Serafeim Papastefanos <>
Subject Getting confused with Custom Authorizing Realms
Date Fri, 10 Feb 2012 08:43:52 GMT
Hello !

I have a problem with a custom authorizing realm and permissions. I am
trying to create a simple Authorizing Realm for Apache Shiro for

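import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyAuthRealm extends AuthorizingRealm {
    // Returns the same authorization info regardless of the principal.
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo sai = new SimpleAuthorizationInfo();
        return sai;
    }

    // Returns no authentication info for any token.
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        return null;
    }
}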
As you can see it doesn't care about who the user is - it just returns
a role and a specific permission.

Now, I am trying to test that in the following snippet:

if(SecurityUtils.getSubject().hasRole("kota")) {
    out.write("kota ");
}
if(SecurityUtils.getSubject().hasRole("kota2")) {
    out.write("kota2 ");
}
if(SecurityUtils.getSubject().isPermitted("koko:toto:view")) {
    out.write("koko ");
}
if(SecurityUtils.getSubject().isPermitted("koko2:toto:view")) {
    out.write("koko2 ");
}

And I receive the following output

kota koko koko2

So it seems that the role is configured correctly (since the user only
has the role kota), but the permission is not (why is koko2
printed???) !!!!

Can anybody explain to me what I am doing wrong ?

Also, I have already asked the question to SO:

So if you want to answer it there and receive the reputation feel free
to do so.

