Posted to user@shiro.apache.org by Forrest <fo...@gmail.com> on 2014/03/27 02:18:33 UTC

perms[] does not work for one who logged in but without the corresponded permission

I have a web project which uses form-based authentication. To prevent a
read-only user from entering the /client/new page by typing the URL into the
browser address bar to create a new client, I have the following setting in
shiro.ini:
/client/new = authc, perms[client:New]

But after a user who does not have the client:New permission logged in and typed
the URL, the page still appeared. Are there any other settings that need to be
set? Thanks.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/perms-does-not-work-for-one-who-logged-in-but-without-the-corresponded-permission-tp7579843.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: perms[] does not work for one who logged in but without the corresponded permission

Posted by Forrest <fo...@gmail.com>.
Hi Domfarr, below are all my configurations:

[main]
shiro.loginUrl = /partials/login.jsp
shiro.successUrl = /index.html

md5CredentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
md5CredentialsMatcher.hashAlgorithmName = MD5
iniRealm.credentialsMatcher = $md5CredentialsMatcher

cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

[users]
janse = janse, Admin
abc = abc, ReadOnlyUser

[roles]
# Grant all permissions to Admin
Admin = *

# Grant read only permissions to ReadOnlyUser
ReadOnlyUser = *:View 

[urls]
/css/** = anon
/brand.ico = anon
/partials/login.jsp = authc
/logout = logout
# I tried the following two settings; neither worked
#/client/new = authc, perms[client:New]
/client/new = perms[client:New]
/** = authc



--
View this message in context: http://shiro-user.582556.n2.nabble.com/perms-does-not-work-for-one-who-logged-in-but-without-the-corresponded-permission-tp7579843p7579848.html
Sent from the Shiro User mailing list archive at Nabble.com.
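
Added example, not part of the original thread and not code from the Shiro project: a standalone check that loads the [users] and [roles] sections posted above into Shiro's IniRealm and asks it directly whether each user holds client:New, which separates permission resolution from URL filter-chain matching. The class name PermsCheck and the helper names are hypothetical; it assumes shiro-core and its dependencies are on the classpath.

```java
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class PermsCheck {
    // [users] and [roles] copied from the configuration posted above.
    // The credentials matcher is left out: authorization checks against
    // the realm never look at the password column.
    static final String INI =
        "[users]\n" +
        "janse = janse, Admin\n" +
        "abc = abc, ReadOnlyUser\n" +
        "[roles]\n" +
        "Admin = *\n" +
        "ReadOnlyUser = *:View\n";

    // Build an in-memory realm from the INI text (no web environment needed).
    static IniRealm buildRealm() {
        Ini ini = new Ini();
        ini.load(INI);
        return new IniRealm(ini);
    }

    // Ask the realm whether the named user is granted the permission string.
    // Shiro resolves both sides as WildcardPermission and tests implication.
    static boolean permitted(IniRealm realm, String user, String perm) {
        PrincipalCollection principals =
            new SimplePrincipalCollection(user, realm.getName());
        return realm.isPermitted(principals, perm);
    }

    public static void main(String[] args) {
        IniRealm realm = buildRealm();
        String[] users = {"janse", "abc"};
        String[] perms = {"client:New", "client:View"};
        for (String user : users) {
            for (String perm : perms) {
                System.out.printf("%-5s %-11s -> %b%n",
                    user, perm, permitted(realm, user, perm));
            }
        }
    }
}
```

Under Shiro's wildcard matching, `*:View` matches any first part but only `View` in the second part, so it does not imply `client:New`, while `*` implies everything. If this check prints `false` for `abc` and `client:New`, the role definitions deny the permission, and the next thing to examine is whether requests for /client/new actually pass through the Shiro filter with that chain applied.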

Re: perms[] does not work for one who logged in but without the corresponded permission

Posted by Dominic Farr <do...@gmail.com>.
Can you post your complete Shiro config?

How you have set your [user] section is important.





On 27 March 2014 01:18, Forrest <fo...@gmail.com> wrote:

> I have a web project which uses form-based authentication. To prevent a
> read-only user from entering the /client/new page by typing the URL into the
> browser address bar to create a new client, I have the following setting in
> shiro.ini:
> /client/new = authc, perms[client:New]
>
> But after a user who does not have the client:New permission logged in and typed
> the URL, the page still appeared. Are there any other settings that need to be
> set? Thanks.