You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by "jim.piersol@gmail.com" <ji...@gmail.com> on 2019/02/28 16:57:02 UTC
WildCardPermisions
I am trying to find if there is a way to do this:
I have a user with permissions assigned like: "object:read:index1",
"object:read:index2", "object:read:index3" ...
I am looking for a way to check to see if my user has ANY permissions that
start with "object:read". I was thinking I could use
SecurityUtils.getSubject().isPermitted("object:read:*"), i.e. check for any
permissions that match, but that doesn't seem to work.
You can assign a permission with a wildcard to a user like :
"object:read:*", meaning this user has access to ALL things that check for
permission that start with "object:read", but I can't find a way to check
the opposite direction.
Any ideas?
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: WildCardPermisions
Posted by Brian Demers <br...@gmail.com>.
Personally, I always think of permissions the other way around.
Assign the more general permissions to my users, and very specific
permissions to my resources.
I also like to keep them right to left, generic to specific.
My user could have "object:abc" (or "object:abc:*") and when attempting to
access the permission i'd check for "object:abc:read"
This doesn't fit everyone's use cases of course, and might not help with
what you are trying to do
On Fri, Mar 1, 2019 at 11:06 AM jim.piersol@gmail.com <ji...@gmail.com>
wrote:
> No, that does not work. I wish it did, because it would cover my
> situation.
>
> If my User has the permission "object:read:abc"
>
> and I do: SecurityUtils.getSubject().isPermitted("object:read");
>
> the isPermitted(...) call returns "false".
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
Re: WildCardPermisions
Posted by "jim.piersol@gmail.com" <ji...@gmail.com>.
No, that does not work. I wish it did, because it would cover my situation.
If my User has the permission "object:read:abc"
and I do: SecurityUtils.getSubject().isPermitted("object:read");
the isPermitted(...) call returns "false".
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: WildCardPermisions
Posted by armandoxxx <ar...@dropchop.com>.
have you tried ?
Regards
Armando
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: WildCardPermisions
Posted by Claude Warren <cl...@xenei.com>.
I had a similar problem and the only solution I could find was to implement
my own permissions check.
Claude
On Thu, Feb 28, 2019 at 4:57 PM jim.piersol@gmail.com <ji...@gmail.com>
wrote:
> I am trying to find if there is a way to do this:
>
> I have a user with permissions assigned like: "object:read:index1",
> "object:read:index2", "object:read:index3" ...
>
> I am looking for a way to check to see if my user has ANY permissions that
> start with "object:read". I was thinking I could use
> SecurityUtils.getSubject().isPermitted("object:read:*"), i.e. check for any
> permissions that match, but that doesn't seem to work.
>
> You can assign a permission with a wildcard to a user like :
> "object:read:*", meaning this user has access to ALL things that check for
> permission that start with "object:read", but I can't find a way to check
> the opposite direction.
>
> Any ideas?
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
--
I like: Like Like - The likeliest place on the web
<http://like-like.xenei.com>
LinkedIn: http://www.linkedin.com/in/claudewarren