Posted to commits@isis.apache.org by da...@apache.org on 2013/08/15 19:56:22 UTC

svn commit: r1514409 - in /isis/site/trunk/content: components/security/shiro/about.md components/security/shiro/configuring-shiro.md components/security/shiro/shiro-realm-mappings.md documentation.md

Author: danhaywood
Date: Thu Aug 15 17:56:22 2013
New Revision: 1514409

URL: http://svn.apache.org/r1514409
Log:
shiro realm mappings

Added:
    isis/site/trunk/content/components/security/shiro/shiro-realm-mappings.md
Modified:
    isis/site/trunk/content/components/security/shiro/about.md
    isis/site/trunk/content/components/security/shiro/configuring-shiro.md
    isis/site/trunk/content/documentation.md

Modified: isis/site/trunk/content/components/security/shiro/about.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/about.md?rev=1514409&r1=1514408&r2=1514409&view=diff
==============================================================================
--- isis/site/trunk/content/components/security/shiro/about.md (original)
+++ isis/site/trunk/content/components/security/shiro/about.md Thu Aug 15 17:56:22 2013
@@ -12,11 +12,8 @@ The shiro implementation provides integr
 ### Further Reading
 
 - [Configuring Isis to use Shiro](configuring-shiro.html)
-
-  How to configure an Isis webapp to use the Shiro-based security mechanism
-
 - [Configuring Shiro to work with LDAP](using-ldap.html)
-
-  How to configure Shiro itself to work against an LDAP server for both authentication (users/roles) and authorization (roles/permissions).
+- [Shiro Realm Mappings](components/security/shiro/realm-mappings.html)
+- [Format of Isis Permissions](components/security/shiro/realm-mappings.html)
 
 
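Review bot: the two added links use `components/security/shiro/realm-mappings.html`, while the existing entries in this list are page-relative (`configuring-shiro.html`, `using-ldap.html`). Resolved the same way from about.md, which already lives under components/security/shiro/, the new hrefs would point at a doubled path. Suggest a page-relative href that matches the file added in this commit (shiro-realm-mappings.md). The removed one-line descriptions also told readers that the LDAP page covers both authentication and authorization; consider keeping that sentence somewhere.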

Modified: isis/site/trunk/content/components/security/shiro/configuring-shiro.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/configuring-shiro.md?rev=1514409&r1=1514408&r2=1514409&view=diff
==============================================================================
--- isis/site/trunk/content/components/security/shiro/configuring-shiro.md (original)
+++ isis/site/trunk/content/components/security/shiro/configuring-shiro.md Thu Aug 15 17:56:22 2013
@@ -25,38 +25,3 @@ Shiro is bootstrapped using the followin
 </pre>
 
 Shiro will then read `WEB-INF/shiro.ini` file to configure its Realm definitions for authentication and authorization.
-
-### Format of Permissions
-
-Shiro converts permission strings (as found in `WEB-INF/shiro.ini`) internally into `WildcardPermission` instances, with allow a permissions to be organized hierarchical and with wildcarding.  
-
-This meets Isis' requirements well; we define the permission strings as follows:
-
-<pre>
-packageName:ClassName:memberName:r,w
-</pre>
-
-where:
-
-* `memberName` is the property, collection or action name.
-* `r` indicates that the member is visible
-* `w` indicates that the member is usable (editable or invokable)
-
-Because these are wildcards, a '*' can be used at any level.  Additionally, missing levels assume wildcards.
-
-Thus:
-
-<pre>
-com.mycompany.myapp:Customer:firstName:r,w   # view or edit customer's firstName
-com.mycompany.myapp:Customer:lastName:r      # view customer's lastName only
-com.mycompany.myapp:Customer:placeOrder:*    # view and invoke placeOrder action
-com.mycompany.myapp:Customer:placeOrder      # ditto
-com.mycompany.myapp:Customer:*:r             # view all customer class members
-com.mycompany.myapp:*:*:r                    # view-only access for all classes in myapp package
-com.mycompany.myapp:*:*:*                    # view/edit for all classes in myapp package
-com.mycompany.myapp:*:*                      # ditto
-com.mycompany.myapp:*                        # ditto
-com.mycompany.myapp                          # ditto
-*                                            # view/edit access to everything
-</pre>
-
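
Review bot: the whole "Format of Permissions" section (the `packageName:ClassName:memberName:r,w` syntax, the meaning of `r` and `w`, and the wildcard examples) is deleted here, but no file in this commit adds it back. The new shiro-realm-mappings.md only covers the one-entry-per-realm limitation. Since the other hunks add a "Format of Isis Permissions" link, either move this text to the page that link targets in the same commit, or leave it in configuring-shiro.md until that page exists. Otherwise the only description of what a permission string grants disappears from the site.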

Added: isis/site/trunk/content/components/security/shiro/shiro-realm-mappings.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/shiro-realm-mappings.md?rev=1514409&view=auto
==============================================================================
--- isis/site/trunk/content/components/security/shiro/shiro-realm-mappings.md (added)
+++ isis/site/trunk/content/components/security/shiro/shiro-realm-mappings.md Thu Aug 15 17:56:22 2013
@@ -0,0 +1,21 @@
+Title: Shiro Realm Mappings
+
+When configuring role based permission mapping, there can only be one of these entries per realm:
+
+    realm.groupToRolesMappings = ...
+
+and
+
+    realm.roleToPermissionsMappings = ...
+
+This forces you to put everything on one line for each of the above.
+
+This is, unfortunately, a Shiro "feature".  The only solution to this is to use '\' to separate the mappings onto separate lines in the file so that it is at least maintainable. 
+
+Use this technique for both group to roles mapping and role to permission mapping. If you use the '\' after the "," that separates the key:value pairs it is more readable.
+
+If you repeat the entries above then it's "last one wins".
+
+
+
+> **Note** you can't use a [roles] section because that triggers Shiro to use the simple "INI" realm and not your defined realm (in most cases you are going to use an LDAP realm in an enterprise environment and the "simple" realm in Shiro isn't much use beyond prototyping work).
\ No newline at end of file
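
Review bot: "If you repeat the entries above then it's last one wins" is the security-relevant sentence on this page and is easy to miss at the bottom. A second `realm.roleToPermissionsMappings` or `realm.groupToRolesMappings` line silently replaces the first rather than merging with it, so the effective mappings can differ from what the file appears to say. Suggest moving that sentence up next to the two entries and stating that the earlier entry is discarded entirely. The page also describes the '\' continuation without showing it; a short sample of one mapping split across lines after each "," would make the advice usable. Minor: the file has no trailing newline.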

Modified: isis/site/trunk/content/documentation.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/documentation.md?rev=1514409&r1=1514408&r2=1514409&view=diff
==============================================================================
--- isis/site/trunk/content/documentation.md (original)
+++ isis/site/trunk/content/documentation.md Thu Aug 15 17:56:22 2013
@@ -256,8 +256,10 @@ Note: this viewer is third-party open so
 ### Shiro [1.1.1](components/security/shiro/release-notes/about.html)
 
 - [About](components/security/shiro/about.html)
-- [Configuring Shiro](components/security/shiro/configuring-shiro.html)
-- [Using LDAP](components/security/shiro/using-ldap.html)
+- [Configuring Isis to use Shiro](components/security/shiro/configuring-shiro.html)
+- [Configuring Shiro to use LDAP](components/security/shiro/using-ldap.html)
+- [Shiro Realm Mappings](components/security/shiro/realm-mappings.html)
+- [Format of Isis Permissions](components/security/shiro/realm-mappings.html)
 
 ----------
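
Review bot: both added entries, "Shiro Realm Mappings" and "Format of Isis Permissions", carry the same href `components/security/shiro/realm-mappings.html`, and that name does not match the file added in this commit (shiro-realm-mappings.md). As written, the first link likely misses the new page and the second has no page of its own. Suggest pointing the first at the page generated from shiro-realm-mappings.md and giving the permissions entry its own target, or dropping it until that page is committed.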