Posted to user@shiro.apache.org by Pillar <so...@hotmail.com> on 2013/07/02 00:01:56 UTC

Updating permissions dynamically (at runtime)

I need to be able to remove or add permissions for my users. For example, a
user is able to create a playlist. When the playlist is created, he is
allowed to delete it, but he isn't allowed to delete playlists that others
have made (obviously).

I have an AuthorizingRealm that builds the AuthorizationInfo (ex: from each
user's playlists) for each Subject but this gets cached, which prevents my
application from seeing reloaded/refreshed permissions. 

I've read some other posts and seen that you can call
AuthorizingRealm#clearCachedAuthorizationInfo(PrincipalCollection
principals). I'm using Spring MVC and I don't really want to inject my Realm
implementation into a controller or service class just because it doesn't
really belong in that stack. Is there another solution to refreshing
permissions (other than disabling caching)?



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Updating-permissions-dynamically-at-runtime-tp7578886.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Updating permissions dynamically (at runtime)

Posted by Nagaraju Kurma <na...@enhancesys.com>.
Hi Les Hazlewood,

How do I specify the maximum user sessions for the login, like in Spring as follows?

<security:concurrent-session-control
  max-sessions="1" exception-if-maximum-exceeded="true"
  expired-url="/loginform.do" />

I am assuming that there is a way in Apache Shiro. How do I configure
this behaviour in the Apache Shiro security API? Please guide me.

Thanking you. :)







-- 

Regards,

Nagaraju.

Re: Updating permissions dynamically (at runtime)

Posted by Nagaraju Kurma <na...@enhancesys.com>.
Hi Les Hazlewood,
I am very much happy to see your reply and thankful to you.

I checked that sample web application and it is working very much properly;
as you said, shiroFilter alone is doing that because there is no separate
configuration for that.

There they are using a shiro.ini file to maintain the data, whereas in our
application we are maintaining ElasticSearch; only this one is the
difference, which is nowhere dependent.

I am using shiroFilter in web.xml as our sample web application, but in my
application I am not getting that breadcrumbs effect. Could you please
suggest me?

I am not sure that my configuration is 100% correct; please help me out in
this.

here is my web.xml file
----------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>spring freemarker</display-name>
<context-param>
<param-name>spring.profiles.default</param-name>
<param-value>production</param-value>
</context-param>
<listener>
<listener-class>net.enhancesys.auth.listeners.SystemOptionsUtilitiesListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>freemarker.ext.jsp.EventForwarding</listener-class>
</listener>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>JQGridTranServlet</servlet-name>
<servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridTranServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>JQGridTranServlet</servlet-name>
<url-pattern>/JQGridTranServlet</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>springServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>JQGridServlet</display-name>
<servlet-name>JQGridServlet</servlet-name>
<servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>JQGridServlet</servlet-name>
<url-pattern>/JQGridServlet</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>JQGridCallServlet</display-name>
<servlet-name>JQGridCallServlet</servlet-name>
<servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridCallServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>JQGridCallServlet</servlet-name>
<url-pattern>/JQGridCallServlet</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>JQGridIncidentServlet</display-name>
<servlet-name>JQGridIncidentServlet</servlet-name>
<servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridIncidentServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>JQGridIncidentServlet</servlet-name>
<url-pattern>/JQGridIncidentServlet</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<display-name>JQGridOrdersServlet</display-name>
<servlet-name>JQGridOrdersServlet</servlet-name>
<servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridOrdersServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>JQGridOrdersServlet</servlet-name>
<url-pattern>/JQGridOrdersServlet</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>1</session-timeout>  <!-- 1 min -->
</session-config>
</web-app>


Here this session timeout configuration is not taking effect in the
application, so I have configured it in the Spring application context file
as shown below.

shiro-security.xml
-------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:jpa="http://www.springframework.org/schema/data/jpa"
default-lazy-init="true"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/data/jpa
http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd">

<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- <property name="cacheManager" ref="cacheManager" /> -->
<property name="sessionMode" value="native" />
<property name="realm" ref="elasticsearchRealm" />

<property name="sessionManager.globalSessionTimeout" value="60000" /> <!-- 1 min -->
</bean>

<bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor" />
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>

<!-- <bean id="cacheManager"
class="org.apache.shiro.cache.ehcache.EhCacheManager"
/> -->
<bean id="elasticsearchRealm"
class="net.enhancesys.auth.realm.ElasticSearchAuthRealm">
<property name="name" value="elasticsearchRealm" />
<property name="featuresLookupEnabled" value="true"></property>
<property name="rolesLookupEnabled" value="true"></property>
<property name="credentialsMatcher">
<bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="SHA-256" />
<property name="storedCredentialsHexEncoded" value="false" />
</bean>
</property>
</bean>
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<property name="successUrl"
value="redirect:/main/welcome1?cat=dashboard.summary" />
<property name="unauthorizedUrl" value="/login" />
<property name="filterChainDefinitions">
<value>
/login = anon
/logout = logout
/** = authc
</value>
</property>
</bean>
</beans>

please check this configuration and let me know the problem...

thanking you :)





-- 

Regards,

Nagaraju.

Re: Updating permissions dynamically (at runtime)

Posted by Les Hazlewood <lh...@apache.org>.
Hi Nagaraju,

This is automatically handled by the authentication filter(s) in Shiro: if
they attempt to access a URL and are not logged in, the attempted URL is
saved to their session.  After login, Shiro will automatically redirect
them back to the URL they originally tried to access.  Shiro's basic sample
web application demonstrates this behavior:

https://svn.apache.org/repos/asf/shiro/branches/1.2.x/samples/web/

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282



Re: Updating permissions dynamically (at runtime)

Posted by Nagaraju Kurma <na...@enhancesys.com>.
Sorry... I didn't get any situation like that as of now.
Please, if you know, help me here.

My requirement is that I need to implement breadcrumbs in the Apache Shiro
security API. I referred to tutorials but didn't reach my point.

When the session is timed out my application automatically redirects to the
login page; when the person is re-logged in then I need to show the
last activity but now from scratch...

ex: user is doing operation like link1----> link-2 -------> link3 then
now timed out, after relogin I have to show link3 page but not link1..

Can anybody help me here?
Any help is appreciated, thanks :)

On 7/3/13, Pillar <so...@hotmail.com> wrote:
> I created an intermediary Observable class that registers the Realm (which
> implements the Observer interface) on startup. When a Controller action
> that would modify permissions gets called, I invalidate the Observable
> which
> notifies the Realm, which clears the cache.
>
> I don't feel like it's enough indirection, but it works well.
>
> Thanks!
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Updating-permissions-dynamically-at-runtime-tp7578886p7578888.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>


-- 


Regards,

Nagaraju.

Re: Updating permissions dynamically (at runtime)

Posted by Pillar <so...@hotmail.com>.
I created an intermediary Observable class that registers the Realm (which
implements the Observer interface) on startup. When a Controller action
that would modify permissions gets called, I invalidate the Observable which
notifies the Realm, which clears the cache.

I don't feel like it's enough indirection, but it works well.

Thanks!



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Updating-permissions-dynamically-at-runtime-tp7578886p7578888.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Updating permissions dynamically (at runtime)

Posted by Les Hazlewood <lh...@apache.org>.
The best thing to do here IMO is to create an interface that your
controller calls.  The implementation of this interface can delegate to the
Realm to clear the cached permissions.  I've done this on projects with
good results: loosely coupled and it works well.

You could also make this totally decoupled and use a simple event system:
trigger an event from the controller and the Realm is a listener for that
event that clears out that cache entry upon receiving the event.

Just some ideas - I hope that helps!

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282


On Mon, Jul 1, 2013 at 3:01 PM, Pillar <so...@hotmail.com> wrote:

> I need to be able to remove or add permissions for my users. For example, a
> user is able to create a playlist. When the playlist is created, he is
> allowed to delete it, but he isn't allowed to delete playlists that others
> have made (obviously).
>
> I have an AuthorizingRealm that builds the AuthorizationInfo (ex: from each
> user's playlists) for each Subject but this gets cached, which prevents my
> application from seeing reloaded/refreshed permissions.
>
> I've read some other posts and seen that you can call
> AuthorizingRealm#clearCachedAuthorizationInfo(PrincipalCollection
> principals). I'm using Spring MVC and I don't really want to inject my
> Realm
> implementation into a controller or service class just because it doesn't
> really belong in that stack. Is there another solution to refreshing
> permissions (other than disabling caching)?
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Updating-permissions-dynamically-at-runtime-tp7578886.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
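
The interface approach suggested in the reply above, shown as an added example (not code from the thread or from the Shiro project). PermissionCacheInvalidator, PlaylistStore, PlaylistRealm and PlaylistService are hypothetical names, and the example assumes the primary principal is the username string.

```java
// Added example: every non-org.apache.shiro type below is a hypothetical name.
import java.util.Set;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

/** The only type the controller/service layer depends on; no realm class leaks through. */
interface PermissionCacheInvalidator {
    void invalidate(PrincipalCollection principals);
}

/** Stand-in for the application's own persistence layer (assumption). */
interface PlaylistStore {
    Set<String> playlistIdsOwnedBy(String username);
    String passwordHashFor(String username);      // null when the account does not exist
    String create(String owner, String title);    // returns the new playlist id
    void delete(String playlistId);
}

class PlaylistRealm extends AuthorizingRealm implements PermissionCacheInvalidator {
    private final PlaylistStore store;

    PlaylistRealm(PlaylistStore store) { this.store = store; }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Runs only on a cache miss, so the entry must be dropped after ownership changes.
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermission("playlist:create");
        for (String id : store.playlistIdsOwnedBy(username)) {
            info.addStringPermission("playlist:delete:" + id);
        }
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = (String) token.getPrincipal();
        String hash = store.passwordHashFor(username);
        return hash == null ? null : new SimpleAuthenticationInfo(username, hash, getName());
    }

    @Override
    public void invalidate(PrincipalCollection principals) {
        // clearCachedAuthorizationInfo is protected, so the realm exposes it via the interface.
        clearCachedAuthorizationInfo(principals);
    }
}

class PlaylistService {
    private final PlaylistStore store;
    private final PermissionCacheInvalidator invalidator;

    PlaylistService(PlaylistStore store, PermissionCacheInvalidator invalidator) {
        this.store = store;
        this.invalidator = invalidator;
    }

    String createPlaylist(String title) {
        Subject subject = SecurityUtils.getSubject();
        subject.checkPermission("playlist:create");
        String id = store.create((String) subject.getPrincipal(), title);
        // Persist first, then drop the cached entry so the next check reloads it.
        invalidator.invalidate(subject.getPrincipals());
        return id;
    }

    void deletePlaylist(String id) {
        Subject subject = SecurityUtils.getSubject();
        subject.checkPermission("playlist:delete:" + id);   // AuthorizationException if not owner
        store.delete(id);
        // Revocation path: without this, the deleted playlist's permission stays cached.
        invalidator.invalidate(subject.getPrincipals());
    }
}
```

The clear only affects the cache of the JVM it runs in; with several application nodes the cache must be shared or the invalidation propagated to each node.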