You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Pierce Wetter (JIRA)" <ji...@apache.org> on 2010/06/09 19:12:15 UTC
[jira] Created: (SHIRO-175) Improve Set of permission and role
checks
Improve Set of permission and role checks
-----------------------------------------
Key: SHIRO-175
URL: https://issues.apache.org/jira/browse/SHIRO-175
Project: Shiro
Issue Type: Improvement
Components: Authorization (access control)
Reporter: Pierce Wetter
Both the shiro tag library and tapestry-security have seen fit to extend the permissions and role checks. It would be nice to have a complete set of annotations and permissions checks as follows:
Right now, Shiro supports:
@RequiresRoles(String)
@RequiresPermissions(String)
These have the additionally issue that multiple values are separated by commas, which conflicts with commas in the permission strings.
I would like to suggest the following more complete, and specific set:
@RequiresAllRoles(String[] ) <-- same as current RequiresRoles, except the AND is specified, and the roles can be done via:
@RequiresAllRoles( {"role1", "role2"} )
@RequiresAnyRoles(String[] ) <--- the OR version, runs if any role is implied.
@RequiresAllPermissions(String[] )
@RequiresAnyPermissions(String[] )
SecurityCheck(allRoles, anyRoles, allPermissions, anyPermissions) <--- all in one with one annotation
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SHIRO-175) Improve Set of permission and role
checks
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen resolved SHIRO-175.
----------------------------------
Fix Version/s: 1.1.0
Resolution: Fixed
There are several slight changes implemented as part of this issue:
- All annotations can now be applied to classes as well (@Target(ElementType.TYPE)) in addition to methods
- There's a new Logical annotation parameter that can be used to indicate the desired logic for processing multiple values for RequiresXXX annotations
- added Subject.checkRoles(String... roles) for completeness (compare to checkPermissions(...) ). I don't like this last part too much as multiple checkXXX operations make the API convoluted and the decision logic for processing them asymmetric (some exceptions are thrown from handlers whereas others are thrown from Authorizer). Closing the issue for now but re-open with comments or open new issues as needed.
> Improve Set of permission and role checks
> -----------------------------------------
>
> Key: SHIRO-175
> URL: https://issues.apache.org/jira/browse/SHIRO-175
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: Pierce Wetter
> Assignee: Kalle Korhonen
> Fix For: 1.1.0
>
>
> Both the shiro tag library and tapestry-security have seen fit to extend the permissions and role checks. It would be nice to have a complete set of annotations and permissions checks as follows:
> Right now, Shiro supports:
> @RequiresRoles(String)
> @RequiresPermissions(String)
> These have the additionally issue that multiple values are separated by commas, which conflicts with commas in the permission strings.
> I would like to suggest the following more complete, and specific set:
> @RequiresAllRoles(String[] ) <-- same as current RequiresRoles, except the AND is specified, and the roles can be done via:
> @RequiresAllRoles( {"role1", "role2"} )
> @RequiresAnyRoles(String[] ) <--- the OR version, runs if any role is implied.
> @RequiresAllPermissions(String[] )
> @RequiresAnyPermissions(String[] )
> SecurityCheck(allRoles, anyRoles, allPermissions, anyPermissions) <--- all in one with one annotation
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (SHIRO-175) Improve Set of permission and role
checks
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen reassigned SHIRO-175:
------------------------------------
Assignee: Kalle Korhonen
> Improve Set of permission and role checks
> -----------------------------------------
>
> Key: SHIRO-175
> URL: https://issues.apache.org/jira/browse/SHIRO-175
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: Pierce Wetter
> Assignee: Kalle Korhonen
>
> Both the shiro tag library and tapestry-security have seen fit to extend the permissions and role checks. It would be nice to have a complete set of annotations and permissions checks as follows:
> Right now, Shiro supports:
> @RequiresRoles(String)
> @RequiresPermissions(String)
> These have the additionally issue that multiple values are separated by commas, which conflicts with commas in the permission strings.
> I would like to suggest the following more complete, and specific set:
> @RequiresAllRoles(String[] ) <-- same as current RequiresRoles, except the AND is specified, and the roles can be done via:
> @RequiresAllRoles( {"role1", "role2"} )
> @RequiresAnyRoles(String[] ) <--- the OR version, runs if any role is implied.
> @RequiresAllPermissions(String[] )
> @RequiresAnyPermissions(String[] )
> SecurityCheck(allRoles, anyRoles, allPermissions, anyPermissions) <--- all in one with one annotation
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.