Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2016/07/13 18:32:20 UTC

[jira] [Updated] (SHIRO-534) Provide better documentation around permissions

     [ https://issues.apache.org/jira/browse/SHIRO-534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers updated SHIRO-534:
-------------------------------
    Fix Version/s:     (was: 1.3.0)
      Component/s: Documentation

> Provide better documentation around permissions
> -----------------------------------------------
>
>                 Key: SHIRO-534
>                 URL: https://issues.apache.org/jira/browse/SHIRO-534
>             Project: Shiro
>          Issue Type: Documentation
>          Components: Documentation
>            Reporter: Kamal
>              Labels: documentation
>
> I was playing around with custom realms and I set up the following AuthorizingRealm:-
> {code}
> import org.apache.shiro.authc.AuthenticationException;
> import org.apache.shiro.authc.AuthenticationInfo;
> import org.apache.shiro.authc.AuthenticationToken;
> import org.apache.shiro.authc.SimpleAuthenticationInfo;
> import org.apache.shiro.authc.UsernamePasswordToken;
> import org.apache.shiro.authz.AuthorizationInfo;
> import org.apache.shiro.authz.SimpleAuthorizationInfo;
> import org.apache.shiro.realm.AuthorizingRealm;
> import org.apache.shiro.subject.PrincipalCollection;
>
> public class TestRealm extends AuthorizingRealm
> {
>     @Override
>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken inToken) throws AuthenticationException
>     {
>         UsernamePasswordToken upToken = (UsernamePasswordToken) inToken;
>         // Test-only realm: the submitted password is returned as the stored credential,
>         // so the credentials matcher accepts any password for these two users.
>         if (upToken.getUsername().equals("Kamal") || upToken.getUsername().equals("NotKamal"))
>             return new SimpleAuthenticationInfo(upToken.getUsername(), upToken.getPassword(), getName());
>         return null; // unknown account
>     }
>     @Override
>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection inPrincipals)
>     {
>         String username = (String) inPrincipals.fromRealm(getName()).iterator().next();
>         SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
>         authzInfo.addRole("User");
>         if (username.equals("Kamal"))
>         {
>             authzInfo.addStringPermission("PRODMA:READ:AU");
>             authzInfo.addStringPermission("PRODMA:WRITE:AU");
>             authzInfo.addStringPermission("PRODMA:READ:KB");
>             authzInfo.addStringPermission("PRODMA:WRITE:KB");
>             authzInfo.addStringPermission("SUPPMA:READ:KB");
>         }
>         else
>         {
>             authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
>         }
>         return authzInfo;
>     }
> }
> {code}
> I then set up the following resource (I am using Guice + Jersey):-
> {code}
> import javax.inject.Inject; // Guice also accepts com.google.inject.Inject
> import javax.servlet.http.HttpSession;
> import javax.ws.rs.Consumes;
> import javax.ws.rs.GET;
> import javax.ws.rs.POST;
> import javax.ws.rs.Path;
> import javax.ws.rs.Produces;
> import javax.ws.rs.core.MediaType;
> import org.apache.shiro.authz.annotation.RequiresPermissions;
> import org.slf4j.Logger;
> import org.slf4j.LoggerFactory;
>
> @Path("/{client}/shiroResource")
> public class ShiroResource
> {
>     private static final Logger LOG = LoggerFactory.getLogger(ShiroResource.class);
>     private HttpSession mSession;
>     @Inject
>     public ShiroResource(HttpSession inSession)
>     {
>         mSession = inSession;
>     }
>     @POST
>     @Path("requiresProdma.do")
>     @Produces(MediaType.APPLICATION_JSON)
>     @Consumes(MediaType.APPLICATION_JSON)
>     @RequiresPermissions({ "PRODMA:*:*" }) // three-part check
>     public String prodmaRequired()
>     {
>         return "Success";
>     }
>     @GET
>     @Path("requiresSuppma.do")
>     @Produces(MediaType.APPLICATION_JSON)
>     @Consumes(MediaType.APPLICATION_JSON)
>     @RequiresPermissions("PRODMA:*") // two-part check
>     public String suppmaRequired()
>     {
>         return "Success";
>     }
> }
> {code}
> Now, if I login as NotKamal I have access to ShiroResource.suppmaRequired, but if I login as Kamal, I won't. It took me a while to work out that I needed to specify the permission string like this:-
> {code}
>             authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
> {code}
> I feel that this is a bit unintuitive, but I guess it is what it is. Can we provide better examples of setting up a custom realm with permissions? Preferably one which supports custom wildcards.
> Thanks.
> Kamal.
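The behaviour reported above follows from how Shiro's WildcardPermission compares the colon-separated parts of a granted permission against a check. The Python below is an added example (not code from the issue or from Shiro) that re-implements those matching rules; the grants are the ones the TestRealm assigns, and the checks are the resource's two @RequiresPermissions strings.

```python
# Added example, not from the issue or from Shiro: a re-implementation of the
# matching rules of Shiro's WildcardPermission, to show why "PRODMA:READ:AU"
# does not satisfy a check for "PRODMA:*" while "PRODMA:READ,WRITE,*:AU,*" does.
# Rules (mirroring WildcardPermission.implies):
#   1. Split on ':' into parts, each part on ',' into a set of tokens; tokens
#      are trimmed and lower-cased (Shiro is case-insensitive by default).
#   2. For each position present in both, the granted part must be '*' or
#      contain every token of the required part.
#   3. If the granted permission has fewer parts, the missing tail is implied.
#   4. If the granted permission has MORE parts, every extra part must be '*'.
WILDCARD = "*"


def parse(perm: str) -> list[set[str]]:
    """'PRODMA:READ,WRITE:AU' -> [{'prodma'}, {'read', 'write'}, {'au'}]"""
    parts = []
    for raw in perm.strip().split(":"):
        tokens = {t.strip().lower() for t in raw.split(",") if t.strip()}
        if not tokens:
            raise ValueError(f"empty part in permission {perm!r}")
        parts.append(tokens)
    return parts


def implies(granted: str, required: str) -> bool:
    """True if holding `granted` satisfies a check for `required`."""
    g, r = parse(granted), parse(required)
    for i, req_part in enumerate(r):
        if i >= len(g):
            return True                      # rule 3
        if WILDCARD not in g[i] and not g[i].issuperset(req_part):
            return False                     # rule 2
    return all(WILDCARD in part for part in g[len(r):])   # rule 4


def is_permitted(granted_perms: list[str], required: str) -> bool:
    """A subject passes the check if ANY of its permissions implies it."""
    return any(implies(p, required) for p in granted_perms)


# Grants exactly as the TestRealm in the issue assigns them.
KAMAL = ["PRODMA:READ:AU", "PRODMA:WRITE:AU", "PRODMA:READ:KB",
         "PRODMA:WRITE:KB", "SUPPMA:READ:KB"]
NOT_KAMAL = ["PRODMA:READ,WRITE,*:AU,*"]

if __name__ == "__main__":
    # "PRODMA:*" and "PRODMA:*:*" are the resource's @RequiresPermissions checks.
    for who, perms in (("Kamal", KAMAL), ("NotKamal", NOT_KAMAL)):
        for check in ("PRODMA:*", "PRODMA:*:*", "PRODMA:READ:AU"):
            print(f"{who:9} {check:15} -> {is_permitted(perms, check)}")
```

Rule 4 is what trips up Kamal's grants: a three-part grant like PRODMA:READ:AU only implies a two-part check such as PRODMA:* when its trailing part is itself a wildcard, which is why the wildcard-bearing string works for NotKamal.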



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)