You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Jamesb <ja...@bowkett.info> on 2011/11/30 16:43:41 UTC

permission names when specifying permission via class-level annotations

Hi,

I am using Shiro with Stripes to create a webapp.  I have a Stripes
interceptor that performs the Shiro authentication as outlined here: 
http://www.ecyrd.com/ButtUgly/wiki/Main_blogentry_100910_1
http://www.ecyrd.com/ButtUgly/wiki/Main_blogentry_100910_1 

I have my classes annotated with the Shiro annotations, such as:
@RequiresRoles("administrator")

I am using a configured PropertiesRealm, with the properties file looking
like the following:

user.jamesb=5e884898da280...11ef721d1542d8,administrator,user
# with no further config for the roles

My stripes pages are obeying my Shiro configuration, and everything is
happy.  The question I have is that I want to create a menu to link to my
secured Stripes pages based on if the current user has permission to see
that page, so I am using the Shiro tag library:

<shiro:hasPermission name="what-goes-here">

I know the roles are being obeyed by receiving exceptions if I try to access
a page my role doesn't have access to, but I don't know what name= to pass
the tag library to match the permission based on the annotations in my
classes.  

I have tried to hack the PropertiesRealm by subclassing it and trying to
list the permissions by calling doGetAuthorizationInfo, as hinted at here:
http://shiro-user.582556.n2.nabble.com/Retrieving-The-List-Of-Permissions-Or-Roles-For-A-User-td6634613.html
http://shiro-user.582556.n2.nabble.com/Retrieving-The-List-Of-Permissions-Or-Roles-For-A-User-td6634613.html 

I'm currently trying to step through the process in the debugger, but it's
painful to say the least!...Any help you could offer would be gratefully
received.

Thanks,

-James

--
View this message in context: http://shiro-user.582556.n2.nabble.com/permission-names-when-specifying-permission-via-class-level-annotations-tp7047211p7047211.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: permission names when specifying permission via class-level annotations

Posted by Jamesb <ja...@bowkett.info>.

Thanks Jared....Yes @RequiredRoles is what I mean

I'm leaning towards using the shiro:hasRole tag as it doesn't seem like
there's any other choice when spec'ing your security with @RequiredRole
annotations as it appears to me these don't automagically get turned into
class level permissions by the PropertiesRealm so I'd have to write some of
my own code in a new custom realm.

Thanks,

-James

--
View this message in context: http://shiro-user.582556.n2.nabble.com/permission-names-when-specifying-permission-via-class-level-annotations-tp7047211p7050468.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: permission names when specifying permission via class-level annotations

Posted by Jared Bunting <ja...@peachjean.com>.

I'm not familiar with a @requiredgroups, so I'm going to assume 
@RequiresRoles.  While I don't have any experience with the jsp tags, I 
suspect that you're going to want to look at the shiro:hasRole 
(http://shiro.apache.org/web.html#Web-The%7B%7BhasRole%7D%7Dtag) tag 
and those related to it.

-Jared

On Thu 01 Dec 2011 03:48:58 AM CST, Jamesb wrote:
> Thanks for the response Manoj,
>
> After a little reflection, I think I can pose my question another way....
>
> I'm using the @requiredgroups() annotations to specify required groups for
> individual classes.  I'm then using the PropertiesRealm to specify users and
> their groups, but not specifying in the properties config any individual
> permissions....I'm leaving that up to the class-level, group annotations.  
>
> Is there any other way apart from inspecting the class annotations to ask
> the realm (in this case the PropertiesRealm) if a user has access to a
> particular class when only group level annotations have been specified?...In
> particular, is there an argument that I can specify to the
> <shiro:hasPermission tag?
>
> Thanks,
>
> -James
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/permission-names-when-specifying-permission-via-class-level-annotations-tp7047211p7049910.html
> Sent from the Shiro User mailing list archive at Nabble.com.

Re: permission names when specifying permission via class-level annotations

Posted by Jamesb <ja...@bowkett.info>.

Thanks for the response Manoj,

After a little reflection, I think I can pose my question another way....

I'm using the @requiredgroups() annotations to specify required groups for
individual classes.  I'm then using the PropertiesRealm to specify users and
their groups, but not specifying in the properties config any individual
permissions....I'm leaving that up to the class-level, group annotations.  

Is there any other way apart from inspecting the class annotations to ask
the realm (in this case the PropertiesRealm) if a user has access to a
particular class when only group level annotations have been specified?...In
particular, is there an argument that I can specify to the
<shiro:hasPermission tag?

Thanks,

-James

--
View this message in context: http://shiro-user.582556.n2.nabble.com/permission-names-when-specifying-permission-via-class-level-annotations-tp7047211p7049910.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: permission names when specifying permission via class-level annotations

Posted by Manoj Khangaonkar <kh...@gmail.com>.

Hi,

see the example in http://shiro.apache.org/java-authorization-guide.html

If your application has modelled a permission as File:read:account.doc
then it would be

<shiro:hasPermission name="File:read:account.doc">

Manoj

On Wed, Nov 30, 2011 at 7:43 AM, Jamesb <ja...@bowkett.info> wrote:
> Hi,
>
> I am using Shiro with Stripes to create a webapp.  I have a Stripes
> interceptor that performs the Shiro authentication as outlined here:
> http://www.ecyrd.com/ButtUgly/wiki/Main_blogentry_100910_1
> http://www.ecyrd.com/ButtUgly/wiki/Main_blogentry_100910_1
>
> I have my classes annotated with the Shiro annotations, such as:
> @RequiresRoles("administrator")
>
> I am using a configured PropertiesRealm, with the properties file looking
> like the following:
>
> user.jamesb=5e884898da280...11ef721d1542d8,administrator,user
> # with no further config for the roles
>
> My stripes pages are obeying my Shiro configuration, and everything is
> happy.  The question I have is that I want to create a menu to link to my
> secured Stripes pages based on if the current user has permission to see
> that page, so I am using the Shiro tag library:
>
> <shiro:hasPermission name="what-goes-here">
>
> I know the roles are being obeyed by receiving exceptions if I try to access
> a page my role doesn't have access to, but I don't know what name= to pass
> the tag library to match the permission based on the annotations in my
> classes.
>
> I have tried to hack the PropertiesRealm by subclassing it and trying to
> list the permissions by calling doGetAuthorizationInfo, as hinted at here:
> http://shiro-user.582556.n2.nabble.com/Retrieving-The-List-Of-Permissions-Or-Roles-For-A-User-td6634613.html
> http://shiro-user.582556.n2.nabble.com/Retrieving-The-List-Of-Permissions-Or-Roles-For-A-User-td6634613.html
>
> I'm currently trying to step through the process in the debugger, but it's
> painful to say the least!...Any help you could offer would be gratefully
> received.
>
> Thanks,
>
> -James
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/permission-names-when-specifying-permission-via-class-level-annotations-tp7047211p7047211.html
> Sent from the Shiro User mailing list archive at Nabble.com.



-- 
http://khangaonkar.blogspot.com/