You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Tauren Mills <ta...@tauren.com> on 2010/09/08 00:18:51 UTC
Removing Shiro dependencies from pojo models
I'm doing a bunch of refactoring of my project right now, breaking out
parts of it into different modules. I'm using maven in my build
process. I'm running into a situation where I have a Shiro dependency
in my "models" module. This makes me think there is probably a better
approach than what I'm using, so I'm hoping someone can provide some
advice. My "models" module has this dependency, and I'd like to remove
it:
<!-- SHIRO (for the utils package only -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
</dependency>
Basically, I have a Member that contains a set of Roles and a set of
Permissions. Each Role also contains a set of Permissions. I'm using
the folllowing Shiro dependencies in my Permission object:
* ShiroUtils.hasText()
* ShiroUtils.split()
I'm also using the values of the following, but I had to redefine them
since they aren't visible:
WildcardPermission.WILDCARD_TOKEN
WildcardPermission.PART_DIVIDER_TOKEN
Here's my Permission object, with some fluff removed
(getters/setters/equals/etc)...
@Entity
@Table(name="permissions")
@Cache(usage= CacheConcurrencyStrategy.READ_WRITE)
public class Permission extends AbstractEntity implements IEntity {
private static final long serialVersionUID = 1L;
// TODO: Should I do this differently?
// Copied from tokens from WildcardPermission since they aren't
visible, and it would
// make this pojo reliant on Shiro classes.
protected static final String WILDCARD_TOKEN = "*";
protected static final String PART_DIVIDER_TOKEN = ":";
private String domain;
private String actions;
private String targets;
/** Creates a domain permission with *all* actions for *all* targets; */
public Permission() {
this(null,null,null);
}
public Permission(String domain) {
this(domain,null,null);
}
public Permission(String domain, String actions) {
this(domain,actions,null);
}
public Permission(String domain, String actions, String targets) {
if (!StringUtils.hasText(domain)) {
// No domain specified, so create an All Permission
this.domain = "*";
this.actions = actions;
this.targets = targets;
}
else if (domain.contains(PART_DIVIDER_TOKEN)){
// Make sure that actions and targets are not declared
if (StringUtils.hasText(actions) || StringUtils.hasText(targets)) {
throw new IllegalArgumentException("cannot specify actions
or targets if domain contains full permissions string");
}
// Domain contains a full permission string, so parse it
String[] parts = StringUtils.split(domain,
PART_DIVIDER_TOKEN.charAt(0));
if (parts.length > 0) {
this.domain = parts[0];
}
if (parts.length > 1) {
this.actions = parts[1];
}
if (parts.length > 2) {
this.targets = parts[2];
}
return;
}
else {
this.domain = domain;
this.actions = actions;
this.targets = targets;
}
}
@Transient
public String getPermissionString() {
StringBuilder sb = new StringBuilder(domain);
if (!StringUtils.hasText(actions)) {
if (StringUtils.hasText(targets)) {
sb.append(PART_DIVIDER_TOKEN).append(WILDCARD_TOKEN);
}
} else {
sb.append(PART_DIVIDER_TOKEN).append(actions);
}
if (targets != null) {
sb.append(PART_DIVIDER_TOKEN).append(targets);
}
return sb.toString();
}
}
Ideally, my "models" maven module would have no dependencies on Shiro.
Is there a better approach that I should consider? I don't want to
implement my own version of StringUtils, but would rather not include
all of Shiro core. I was hoping there was a Shiro-utils module.
I realize that much of StringUtils is copied from Spring, but I think
that split() was customized. Also, I really don't want any Spring
dependencies in my "models" either, and currently don't have any.
Thanks,
Tauren
Re: Removing Shiro dependencies from pojo models
Posted by Kalle Korhonen <ka...@gmail.com>.
The obvious refactoring step would be to make actions and targets
entities as well (if they currently aren't). The question is, would
you need that in practice? You might need it if you you have atomic
operations on actions (say for example you need to know which
permission include this action). If you don't, it's not worth it in
practice. The same applies for using Shiro as a dependency. Is it that
big of deal (because of its size or some other reason) to have it as a
dependency? If so, copying StringUtils to your own package is a valid
strategy. StringUtils isn't likely to change frequently so IMHO, in
practice it's just not an issue you should get too hung up on. It's
not likely that we'd break StringUtils into its own Shiro-utils
module. The reason is that it's mostly internal and we are not in a
business of providing "commons" packages.
Kalle
On Tue, Sep 7, 2010 at 3:18 PM, Tauren Mills <ta...@tauren.com> wrote:
> I'm doing a bunch of refactoring of my project right now, breaking out
> parts of it into different modules. I'm using maven in my build
> process. I'm running into a situation where I have a Shiro dependency
> in my "models" module. This makes me think there is probably a better
> approach than what I'm using, so I'm hoping someone can provide some
> advice. My "models" module has this dependency, and I'd like to remove
> it:
>
> <!-- SHIRO (for the utils package only -->
> <dependency>
> <groupId>org.apache.shiro</groupId>
> <artifactId>shiro-core</artifactId>
> </dependency>
>
> Basically, I have a Member that contains a set of Roles and a set of
> Permissions. Each Role also contains a set of Permissions. I'm using
> the folllowing Shiro dependencies in my Permission object:
>
> * ShiroUtils.hasText()
> * ShiroUtils.split()
>
> I'm also using the values of the following, but I had to redefine them
> since they aren't visible:
>
> WildcardPermission.WILDCARD_TOKEN
> WildcardPermission.PART_DIVIDER_TOKEN
>
> Here's my Permission object, with some fluff removed
> (getters/setters/equals/etc)...
>
> @Entity
> @Table(name="permissions")
> @Cache(usage= CacheConcurrencyStrategy.READ_WRITE)
> public class Permission extends AbstractEntity implements IEntity {
> private static final long serialVersionUID = 1L;
>
> // TODO: Should I do this differently?
> // Copied from tokens from WildcardPermission since they aren't
> visible, and it would
> // make this pojo reliant on Shiro classes.
> protected static final String WILDCARD_TOKEN = "*";
> protected static final String PART_DIVIDER_TOKEN = ":";
>
> private String domain;
> private String actions;
> private String targets;
>
> /** Creates a domain permission with *all* actions for *all* targets; */
> public Permission() {
> this(null,null,null);
> }
>
> public Permission(String domain) {
> this(domain,null,null);
> }
>
> public Permission(String domain, String actions) {
> this(domain,actions,null);
> }
>
> public Permission(String domain, String actions, String targets) {
> if (!StringUtils.hasText(domain)) {
> // No domain specified, so create an All Permission
> this.domain = "*";
> this.actions = actions;
> this.targets = targets;
> }
> else if (domain.contains(PART_DIVIDER_TOKEN)){
> // Make sure that actions and targets are not declared
> if (StringUtils.hasText(actions) || StringUtils.hasText(targets)) {
> throw new IllegalArgumentException("cannot specify actions
> or targets if domain contains full permissions string");
> }
> // Domain contains a full permission string, so parse it
> String[] parts = StringUtils.split(domain,
> PART_DIVIDER_TOKEN.charAt(0));
> if (parts.length > 0) {
> this.domain = parts[0];
> }
> if (parts.length > 1) {
> this.actions = parts[1];
> }
> if (parts.length > 2) {
> this.targets = parts[2];
> }
> return;
> }
> else {
> this.domain = domain;
> this.actions = actions;
> this.targets = targets;
> }
> }
>
> @Transient
> public String getPermissionString() {
> StringBuilder sb = new StringBuilder(domain);
>
> if (!StringUtils.hasText(actions)) {
> if (StringUtils.hasText(targets)) {
> sb.append(PART_DIVIDER_TOKEN).append(WILDCARD_TOKEN);
> }
> } else {
> sb.append(PART_DIVIDER_TOKEN).append(actions);
> }
> if (targets != null) {
> sb.append(PART_DIVIDER_TOKEN).append(targets);
> }
> return sb.toString();
> }
>
> }
>
> Ideally, my "models" maven module would have no dependencies on Shiro.
> Is there a better approach that I should consider? I don't want to
> implement my own version of StringUtils, but would rather not include
> all of Shiro core. I was hoping there was a Shiro-utils module.
>
> I realize that much of StringUtils is copied from Spring, but I think
> that split() was customized. Also, I really don't want any Spring
> dependencies in my "models" either, and currently don't have any.
>
> Thanks,
> Tauren
>