Posted to commits@isis.apache.org by da...@apache.org on 2021/04/15 07:06:40 UTC

[isis-app-helloworld] 01/01: enables secman, with dummy users

This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch jdo-secman
in repository https://gitbox.apache.org/repos/asf/isis-app-helloworld.git

commit e1fe94c6cdcfe5d208a03caa7367c675bceb5287
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Thu Apr 15 08:01:24 2021 +0100

    enables secman, with dummy users
---
 pom.xml                                            | 34 ++++++++++++
 .../java/domainapp/security/SeedUsersAndRoles.java | 61 ++++++++++++++++++++++
 .../security/scripts/RoleAndPerms__NoDelete.java   | 26 +++++++++
 .../security/scripts/RoleAndPerms__UserRo.java     | 32 ++++++++++++
 .../security/scripts/RoleAndPerms__UserRw.java     | 34 ++++++++++++
 .../security/scripts/SecmanConstants.java          | 11 ++++
 .../security/scripts/UserToRole__bob_UserRw.java   | 17 ++++++
 .../security/scripts/UserToRole__dick_UserRo.java  | 17 ++++++
 .../UserToRole__joe_UserRw_but_NoDelete.java       | 18 +++++++
 src/main/java/domainapp/webapp/AppManifest.java    | 51 ++++++++++++++++++
 src/main/resources/menubars.layout.xml             | 44 ++++++++++++++--
 src/main/resources/shiro.ini                       | 37 ++-----------
 12 files changed, 346 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6fdb43c..ba4abee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -52,9 +52,43 @@
         </plugins>
     </build>
 
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.apache.isis.extensions</groupId>
+                <artifactId>isis-extensions-secman</artifactId>
+                <scope>import</scope>
+                <type>pom</type>
+                <version>2.0.0-M5</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
 
         <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-model</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-persistence-jdo</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-encryption-jbcrypt</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-shiro-realm</artifactId>
+        </dependency>
+
+        <dependency>
             <groupId>org.apache.isis.mavendeps</groupId>
             <artifactId>isis-mavendeps-webapp</artifactId>
             <type>pom</type>
diff --git a/src/main/java/domainapp/security/SeedUsersAndRoles.java b/src/main/java/domainapp/security/SeedUsersAndRoles.java
new file mode 100644
index 0000000..557796e
--- /dev/null
+++ b/src/main/java/domainapp/security/SeedUsersAndRoles.java
@@ -0,0 +1,61 @@
+package domainapp.security;
+
+import javax.inject.Inject;
+
+import org.springframework.context.event.EventListener;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Service;
+
+import org.apache.isis.applib.annotation.OrderPrecedence;
+import org.apache.isis.applib.services.xactn.TransactionService;
+import org.apache.isis.core.metamodel.events.MetamodelEvent;
+import org.apache.isis.testing.fixtures.applib.fixturescripts.FixtureScript;
+import org.apache.isis.testing.fixtures.applib.fixturescripts.FixtureScripts;
+
+import domainapp.security.scripts.RoleAndPerms__NoDelete;
+import domainapp.security.scripts.RoleAndPerms__UserRo;
+import domainapp.security.scripts.RoleAndPerms__UserRw;
+import domainapp.security.scripts.UserToRole__bob_UserRw;
+import domainapp.security.scripts.UserToRole__dick_UserRo;
+import domainapp.security.scripts.UserToRole__joe_UserRw_but_NoDelete;
+
+@Service
+@Order(OrderPrecedence.MIDPOINT + 10)
+public class SeedUsersAndRoles {
+
+    private final FixtureScripts fixtureScripts;
+    private final TransactionService transactionService;
+
+    @Inject
+    public SeedUsersAndRoles(
+            final FixtureScripts fixtureScripts,
+            final TransactionService transactionService) {
+        this.fixtureScripts = fixtureScripts;
+        this.transactionService = transactionService;
+    }
+
+    @EventListener(MetamodelEvent.class)
+    public void onMetamodelEvent(final MetamodelEvent event) {
+        if (event.isPostMetamodel()) {
+            runScripts();
+        }
+        transactionService.flushTransaction();
+    }
+
+    private void runScripts() {
+        fixtureScripts.run(new FixtureScript() {
+            @Override
+            protected void execute(ExecutionContext ec) {
+                ec.executeChildren(this,
+                        new RoleAndPerms__UserRw()
+                        , new RoleAndPerms__UserRo()
+                        , new RoleAndPerms__NoDelete()
+                        , new UserToRole__bob_UserRw()
+                        , new UserToRole__dick_UserRo()
+                        , new UserToRole__joe_UserRw_but_NoDelete()
+                );
+            }
+        });
+    }
+
+}
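Review bot: `onMetamodelEvent` seeds the fixed demo roles and accounts on every start-up with no guard on the environment, so any deployment that imports this service gets the same well-known logins. Consider restricting it, for example with Spring's `@Profile` on the class or a configuration flag checked before `runScripts()`, and add a class Javadoc saying the service is for demo use only. Separately, `transactionService.flushTransaction()` sits outside the `if`, so it runs for every `MetamodelEvent` even when nothing was seeded; moving it inside the `if (event.isPostMetamodel())` block looks closer to the intent.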
diff --git a/src/main/java/domainapp/security/scripts/RoleAndPerms__NoDelete.java b/src/main/java/domainapp/security/scripts/RoleAndPerms__NoDelete.java
new file mode 100644
index 0000000..32d65ea
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/RoleAndPerms__NoDelete.java
@@ -0,0 +1,26 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+public class RoleAndPerms__NoDelete extends AbstractRoleAndPermissionsFixtureScript {
+
+    public static final String ROLE_NAME = "no-delete";
+
+    public RoleAndPerms__NoDelete() {
+        super(ROLE_NAME, "Veto access to deleting HelloWorld objects");
+    }
+
+    @Override
+    protected void execute(ExecutionContext ec) {
+        newPermissions(
+                ApplicationPermissionRule.VETO,
+                ApplicationPermissionMode.VIEWING,
+                Can.of(ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "hello.HelloWorldObject#delete"))
+        );
+    }
+}
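Review bot: The permission created in `execute` vetoes `ApplicationPermissionMode.VIEWING` on `hello.HelloWorldObject#delete`, while the role description only says "Veto access to deleting", and the class has no Javadoc explaining the difference. A veto on viewing presumably hides the action altogether rather than just disabling it, which is worth stating, e.g. `/** Vetoes viewing (and therefore invoking) HelloWorldObject#delete; meant to be combined with user-rw. */`. The feature is also named by a string literal, so renaming the action would presumably leave the veto pointing at nothing; a test that ties the two together would catch that.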
diff --git a/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRo.java b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRo.java
new file mode 100644
index 0000000..6bd585f
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRo.java
@@ -0,0 +1,32 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+public class RoleAndPerms__UserRo extends AbstractRoleAndPermissionsFixtureScript {
+
+    public static final String ROLE_NAME = "user-ro";
+
+    public RoleAndPerms__UserRo() {
+        super(ROLE_NAME, "Read-only access to entire application");
+    }
+
+    @Override
+    protected void execute(ExecutionContext ec) {
+        newPermissions(
+                ApplicationPermissionRule.ALLOW,
+                ApplicationPermissionMode.VIEWING,
+                Can.of(ApplicationFeatureId.newNamespace("hello")));
+        newPermissions(
+                ApplicationPermissionRule.ALLOW,
+                ApplicationPermissionMode.CHANGING,
+                Can.of(
+                    ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "hello.HelloWorldObjects#findByName"),
+                    ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "hello.HelloWorldObjects#listAll")
+                ));
+    }
+}
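Review bot: The role is described as "Read-only access to entire application", yet `execute` grants `ALLOW`/`CHANGING` on two members and scopes everything to the `hello` namespace. Presumably CHANGING is needed so that the two finder actions can be invoked at all, but that is not obvious to someone auditing the role. Add a comment above the second `newPermissions` call such as `// invoking an action needs CHANGING; these two finders do not modify state`, and tighten the description so it names the `hello` namespace rather than the entire application.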
diff --git a/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRw.java b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRw.java
new file mode 100644
index 0000000..50870af
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRw.java
@@ -0,0 +1,34 @@
+package domainapp.security.scripts;
+
+import java.util.Arrays;
+
+import javax.inject.Inject;
+
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+import org.apache.isis.applib.value.Password;
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
+import org.apache.isis.extensions.secman.jdo.dom.role.ApplicationRole;
+import org.apache.isis.extensions.secman.jdo.dom.role.ApplicationRoleRepository;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+import org.apache.isis.extensions.secman.model.dom.user.ApplicationUserMenu;
+import org.apache.isis.testing.fixtures.applib.fixturescripts.FixtureScript;
+
+public class RoleAndPerms__UserRw extends AbstractRoleAndPermissionsFixtureScript {
+
+    public static final String ROLE_NAME = "user-rw";
+
+    public RoleAndPerms__UserRw() {
+        super(ROLE_NAME, "Read-write access to entire application");
+    }
+
+    @Override
+    protected void execute(ExecutionContext ec) {
+        newPermissions(
+                ApplicationPermissionRule.ALLOW,
+                ApplicationPermissionMode.CHANGING,
+                Can.of(ApplicationFeatureId.newNamespace("hello"))
+        );
+    }
+}
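Review bot: Most imports in this new file are unused: `java.util.Arrays`, `javax.inject.Inject`, `Password`, `ApplicationRole`, `ApplicationRoleRepository`, `ApplicationUserMenu` and `FixtureScript` are never referenced by the class body. The same applies to all three imports in `SecmanConstants.java`, which only declares two string constants. Dropping them keeps the seed scripts from depending on `secman.jdo.dom` and `secman.model` types they do not need.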
diff --git a/src/main/java/domainapp/security/scripts/SecmanConstants.java b/src/main/java/domainapp/security/scripts/SecmanConstants.java
new file mode 100644
index 0000000..0c8df8d
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/SecmanConstants.java
@@ -0,0 +1,11 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class SecmanConstants {
+    private SecmanConstants(){}
+    public static final String ADMIN_ROLE_NAME = "secman-admin-role";
+    public static final String USER_ROLE_NAME = "secman-user-role";
+}
diff --git a/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java b/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
new file mode 100644
index 0000000..a44b92b
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
@@ -0,0 +1,17 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class UserToRole__bob_UserRw extends AbstractUserAndRolesFixtureScript {
+
+    public UserToRole__bob_UserRw() {
+        super("bob", "pass", AccountType.LOCAL,
+                Can.of(
+                        RoleAndPerms__UserRw.ROLE_NAME
+                        , SecmanConstants.USER_ROLE_NAME
+                ));
+    }
+
+}
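Review bot: The account is created with the literal password `"pass"`, and the same literal is used for `dick` and `joe` in the two sibling scripts and for the admin user `sven` in `AppManifest.secmanConfiguration()`. The jbcrypt module is imported, so the stored value is presumably hashed, but the plaintext is public in the repository, and the admin account matters most because it holds `secman-admin-role`. Read the seed passwords from configuration or the environment instead of source. At minimum mark each constructor with a comment such as `// demo credentials only - change or disable before any non-local deployment`.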
diff --git a/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java b/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
new file mode 100644
index 0000000..2245fdb
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
@@ -0,0 +1,17 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class UserToRole__dick_UserRo extends AbstractUserAndRolesFixtureScript {
+
+    public UserToRole__dick_UserRo() {
+        super("dick", "pass", AccountType.LOCAL,
+                Can.of(
+                        RoleAndPerms__UserRo.ROLE_NAME
+                        , SecmanConstants.USER_ROLE_NAME
+                ));
+    }
+
+}
diff --git a/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java b/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
new file mode 100644
index 0000000..9f98c23
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
@@ -0,0 +1,18 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class UserToRole__joe_UserRw_but_NoDelete extends AbstractUserAndRolesFixtureScript {
+
+    public UserToRole__joe_UserRw_but_NoDelete() {
+        super("joe", "pass", AccountType.LOCAL,
+                Can.of(
+                        RoleAndPerms__UserRw.ROLE_NAME
+                        , RoleAndPerms__NoDelete.ROLE_NAME
+                        , SecmanConstants.USER_ROLE_NAME
+                ));
+    }
+
+}
diff --git a/src/main/java/domainapp/webapp/AppManifest.java b/src/main/java/domainapp/webapp/AppManifest.java
index 86995b9..ad39712 100644
--- a/src/main/java/domainapp/webapp/AppManifest.java
+++ b/src/main/java/domainapp/webapp/AppManifest.java
@@ -1,5 +1,8 @@
 package domainapp.webapp;
 
+import java.util.EnumSet;
+
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.PropertySource;
@@ -7,13 +10,27 @@ import org.springframework.context.annotation.PropertySources;
 
 import org.apache.isis.core.config.presets.IsisPresets;
 import org.apache.isis.core.runtimeservices.IsisModuleCoreRuntimeServices;
+import org.apache.isis.extensions.secman.api.IsisModuleExtSecmanApi;
+import org.apache.isis.extensions.secman.api.SecmanConfiguration;
+import org.apache.isis.extensions.secman.api.SecurityRealm;
+import org.apache.isis.extensions.secman.api.SecurityRealmCharacteristic;
+import org.apache.isis.extensions.secman.api.SecurityRealmService;
+import org.apache.isis.extensions.secman.api.permission.PermissionsEvaluationService;
+import org.apache.isis.extensions.secman.api.permission.PermissionsEvaluationServiceAllowBeatsVeto;
+import org.apache.isis.extensions.secman.encryption.jbcrypt.IsisModuleExtSecmanEncryptionJbcrypt;
+import org.apache.isis.extensions.secman.jdo.IsisModuleExtSecmanPersistenceJdo;
+import org.apache.isis.extensions.secman.model.IsisModuleExtSecmanModel;
+import org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanRealmShiro;
 import org.apache.isis.persistence.jdo.datanucleus.IsisModuleJdoDatanucleus;
 import org.apache.isis.security.shiro.IsisModuleSecurityShiro;
+import org.apache.isis.testing.fixtures.applib.IsisModuleTestingFixturesApplib;
 import org.apache.isis.testing.h2console.ui.IsisModuleTestingH2ConsoleUi;
 import org.apache.isis.viewer.restfulobjects.jaxrsresteasy4.IsisModuleViewerRestfulObjectsJaxrsResteasy4;
 import org.apache.isis.viewer.wicket.viewer.IsisModuleViewerWicketViewer;
 
 import domainapp.modules.hello.HelloWorldModule;
+import domainapp.security.SeedUsersAndRoles;
+import domainapp.security.scripts.SecmanConstants;
 
 @Configuration
 @Import({
@@ -23,6 +40,15 @@ import domainapp.modules.hello.HelloWorldModule;
         IsisModuleViewerRestfulObjectsJaxrsResteasy4.class,
         IsisModuleViewerWicketViewer.class,
 
+        IsisModuleExtSecmanApi.class,
+        IsisModuleExtSecmanModel.class,
+        IsisModuleExtSecmanPersistenceJdo.class,
+        IsisModuleExtSecmanRealmShiro.class,
+        IsisModuleExtSecmanEncryptionJbcrypt.class,
+
+        IsisModuleTestingFixturesApplib.class,
+        SeedUsersAndRoles.class,
+
         IsisModuleTestingH2ConsoleUi.class,
         HelloWorldModule.class
 })
@@ -30,4 +56,29 @@ import domainapp.modules.hello.HelloWorldModule;
     @PropertySource(IsisPresets.NoTranslations),
 })
 public class AppManifest {
+
+    @Bean
+    public SecmanConfiguration secmanConfiguration() {
+        return SecmanConfiguration.builder()
+                .adminUserName("sven").adminPassword("pass")
+                .adminRoleName(SecmanConstants.ADMIN_ROLE_NAME)
+                .regularUserRoleName(SecmanConstants.USER_ROLE_NAME)
+                .build();
+    }
+
+    @Bean
+    public PermissionsEvaluationService permissionsEvaluationService() {
+        return new PermissionsEvaluationServiceAllowBeatsVeto();
+    }
+
+    @Bean
+    public SecurityRealmService securityRealmService() {
+        return new SecurityRealmService() {
+            @Override
+            public SecurityRealm getCurrentRealm() {
+                return () -> EnumSet.noneOf(SecurityRealmCharacteristic.class);
+            }
+        };
+    }
+
 }
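Review bot: `permissionsEvaluationService()` selects `PermissionsEvaluationServiceAllowBeatsVeto` with no comment on why the more permissive policy is wanted. `joe` is given both `user-rw` (ALLOW on the `hello` namespace) and `no-delete` (VETO on one member), so whether the veto takes effect depends on how this evaluator resolves the two. Presumably the more specific member-level permission is considered before the namespace-level one, but that should be confirmed and written down. A comment on the bean such as `// allow wins only between permissions on the same feature; more specific features are evaluated first - TODO confirm`, plus a test that joe cannot invoke delete, would make the intent checkable. `securityRealmService()` likewise deserves a line saying what an empty characteristic set means here.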
diff --git a/src/main/resources/menubars.layout.xml b/src/main/resources/menubars.layout.xml
index 8d714b9..3023026 100644
--- a/src/main/resources/menubars.layout.xml
+++ b/src/main/resources/menubars.layout.xml
@@ -17,6 +17,10 @@
         <mb3:menu>
             <mb3:named>Prototyping</mb3:named>
             <mb3:section>
+                <mb3:named>Fixtures</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.fixtures.FixtureScripts" id="runFixtureScript"/>
+            </mb3:section>
+            <mb3:section>
                 <mb3:named>Layouts</mb3:named>
                 <mb3:serviceAction objectType="isis.applib.LayoutServiceMenu" id="downloadLayouts"/>
                 <mb3:serviceAction objectType="isis.applib.LayoutServiceMenu" id="downloadMenuBarsLayout"/>
@@ -45,6 +49,41 @@
                 <mb3:serviceAction objectType="isis.applib.TranslationServicePoMenu" id="switchToWritingTranslations"/>
             </mb3:section>
         </mb3:menu>
+        <mb3:menu>
+            <mb3:named>Security</mb3:named>
+            <mb3:section>
+                <mb3:named>Users</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="findUsers"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="newDelegateUser"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="newLocalUser"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="allUsers"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Roles</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationRoleMenu" id="findRoles"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationRoleMenu" id="newRole"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationRoleMenu" id="allRoles"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Features</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allNamespaces"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allTypes"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allActions"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allProperties"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allCollections"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Permissions</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationPermissionMenu" id="allPermissions"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationPermissionMenu" id="findOrphanedPermissions"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Tenancies</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationTenancyMenu" id="findTenancies"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationTenancyMenu" id="newTenancy"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationTenancyMenu" id="allTenancies"/>
+            </mb3:section>
+        </mb3:menu>
     </mb3:secondary>
     <mb3:tertiary>
         <mb3:menu>
@@ -54,9 +93,8 @@
                 <mb3:serviceAction objectType="isis.applib.ConfigurationMenu" id="configuration"/>
             </mb3:section>
             <mb3:section>
-                <mb3:serviceAction objectType="isis.security.LogoutMenu" id="logout">
-                    <cpt:named>Logout</cpt:named>
-                </mb3:serviceAction>
+                <mb3:serviceAction objectType="isis.ext.secman.MeService" id="me"/>
+                <mb3:serviceAction objectType="isis.security.LogoutMenu" id="logout"/>
             </mb3:section>
         </mb3:menu>
     </mb3:tertiary>
diff --git a/src/main/resources/shiro.ini b/src/main/resources/shiro.ini
index 2fe76c6..8f41937 100644
--- a/src/main/resources/shiro.ini
+++ b/src/main/resources/shiro.ini
@@ -1,39 +1,10 @@
 [main]
 
-# to use .ini file
-securityManager.realms = $iniRealm
+authenticationStrategy=org.apache.isis.extensions.secman.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
+isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanShiroRealm
 
-
-
-# -----------------------------------------------------------------------------
-# Users and their assigned roles
-#
-# Each line conforms to the format defined in the
-# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
-# -----------------------------------------------------------------------------
+securityManager.authenticator.authenticationStrategy = $authenticationStrategy
+securityManager.realms = $isisModuleSecurityRealm
 
 [users]
-# user = password, role1, role2, role3, ...
-
-
-sven = pass, admin_role
-dick = pass, user_role
-bob  = pass, user_role
-joe  = pass, user_role
-
-
-
-# -----------------------------------------------------------------------------
-# Roles with assigned permissions
-# 
-# Each line conforms to the format defined in the
-# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
-# -----------------------------------------------------------------------------
-
 [roles]
-# role = perm1, perm2, perm3, ...
-# perm in format: packageName:className:memberName:r,w
-
-user_role =   *:HelloWorldObjects:*:*,\
-              *:HelloWorldObject:*:*
-admin_role = *
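Review bot: The rewritten file drops every explanatory comment, and the emptied `[users]` and `[roles]` sections now look like an oversight rather than a decision. Add a comment above them, e.g. `# users, roles and permissions now live in secman's database (seeded at start-up); these sections are intentionally empty`. A second comment above `securityManager.realms` should note that the secman realm is the only realm configured.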