Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2014/05/24 15:48:01 UTC

[jira] [Commented] (ISIS-775) ISIS-Shiro isPermitted issue

    [ https://issues.apache.org/jira/browse/ISIS-775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14008125#comment-14008125 ] 

Dan Haywood commented on ISIS-775:
----------------------------------

The reason this is permitted is because you've overlooked the fact that sven also has admin_role, which is wildcarded to "*".

sven = pass, admin_role, site_role

admin_role = *
site_role = BBY:0540

~~~
To double check that there isn't in fact a problem with Isis, I made the following edits to the quickstart example app:

In Admin class, added:

    @Prototype
    @MemberOrder(sequence="20")
    public void perms() {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            System.out.println("\n BBY:0540 = "+subject.isPermitted("BBY:0540"));
            System.out.println("\n BBY:0541 = "+subject.isPermitted("BBY:0541"));
        }
    }

In resources/realm1.ini, changed

sven = pass, admin_role, site_role

...

and

admin_role = *:Admin:*:*
site_role = BBY:0540


I then confirmed that when calling Admin#perms, it printed out:

 BBY:0540 = true
 BBY:0541 = false



>  ISIS-Shiro isPermitted issue
> -----------------------------
>
>                 Key: ISIS-775
>                 URL: https://issues.apache.org/jira/browse/ISIS-775
>             Project: Isis
>          Issue Type: Bug
>          Components: Security: Shiro
>            Reporter: Ranganath Chittari
>            Assignee: Dan Haywood
>            Priority: Critical
>         Attachments: Shiro-Permissions-Files.zip
>
>
> I want to use Apache-Shiro API methods in my code for some permissions check. But permission check is not working in ISIS-Shiro environment as it is based on class-based security mechanism.
> For ex:
> in shiro.ini - I gave permission as below:
> site_role = BBY:0540
> In the code subject.isPermitted("BBY:541") also returning true.
> In non-ISIS environment, this security checking is working fine.
> Please help how to solve this issue.
> Please find attached files.
>  Shiro version is 1.2.2 as this is coming via Isis-security-shiro-1.3.0



--
This message was sent by Atlassian JIRA
(v6.2#6252)
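
Added example (not part of the original message and not Isis or Shiro project code): a small diagnostic that reports which of a user's roles grants a requested permission, using Shiro's WildcardPermission directly on the two realm configurations discussed above. The class name, method names and the in-memory role map are hypothetical; it assumes shiro-core on the classpath and Java 8, and it does not go through the ini realm or a Subject.

```java
import java.util.*;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

public class WhichRoleGrants {

    // Constructed role table mirroring the realm entries quoted in the thread;
    // only the admin_role permission string differs between the two runs.
    static Map<String, List<String>> roles(String adminPerm) {
        Map<String, List<String>> m = new LinkedHashMap<>();
        m.put("admin_role", Arrays.asList(adminPerm));
        m.put("site_role", Arrays.asList("BBY:0540"));
        return m;
    }

    // Returns "role (permission)" for every role permission that implies the request.
    // A user is permitted if ANY of their roles implies it, so one broad role is enough.
    static List<String> grantingRoles(Map<String, List<String>> roleDefs,
                                      List<String> userRoles, String requested) {
        Permission wanted = new WildcardPermission(requested);
        List<String> hits = new ArrayList<>();
        for (String role : userRoles) {
            for (String p : roleDefs.getOrDefault(role, Collections.<String>emptyList())) {
                if (new WildcardPermission(p).implies(wanted)) {
                    hits.add(role + " (" + p + ")");
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        List<String> sven = Arrays.asList("admin_role", "site_role");
        // First the wildcard-everything role, then the narrowed one from the comment.
        for (String adminPerm : new String[] {"*", "*:Admin:*:*"}) {
            System.out.println("admin_role = " + adminPerm);
            for (String req : new String[] {"BBY:0540", "BBY:0541"}) {
                List<String> by = grantingRoles(roles(adminPerm), sven, req);
                System.out.println("  " + req + " -> "
                        + (by.isEmpty() ? "denied" : "granted by " + by));
            }
        }
    }
}
```

Listing the granting role next to each decision makes an over-broad wildcard role visible when auditing a realm file, which a bare isPermitted result does not.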