You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2021/04/08 06:02:46 UTC
[isis] 02/03: ISIS-2484: removes 'run-as' hint for shiro
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch 2.0.0-M5
in repository https://gitbox.apache.org/repos/asf/isis.git
commit f4bb021c837f5598e707149d7374ced4fd3b24ab
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Thu Apr 8 07:00:24 2021 +0100
ISIS-2484: removes 'run-as' hint for shiro
---
.../src/main/adoc/modules/shiro/pages/about.adoc | 97 ----------------------
1 file changed, 97 deletions(-)
diff --git a/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc b/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
index c7cf0d0..4ce8e00 100644
--- a/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
+++ b/security/shiro/src/main/adoc/modules/shiro/pages/about.adoc
@@ -406,103 +406,6 @@ myRealm.permissionResolver = $permissionResolver # <.>
<.> `myRealm` is the handle to the configured realm, eg `$iniRealm` or `$isisLdapRealm` etc.
-== Hints and Tips
-
-=== Run-as
-
-This hint shows how to temporarily change the current user as reported by Shiro.
-This can be useful to support "Run As", for example.
-
-The heavy lifting is done in `ShiroService`:
-
-[source,java]
-----
-import org.springframework.stereotype.Service;
-
-@Service
-public class ShiroService {
-
- public void runAs(String userName) {
- SimplePrincipalCollection principals =
- new SimplePrincipalCollection(userName, "jdbcRealm"); // <1>
- getSubject().runAs(principals);
- }
-
- public String releaseRunAs() {
- final PrincipalCollection principals = getSubject().releaseRunAs();
- String username = (String)principals.asList().get(0);
- return username;
- }
-
- public String getUsername() { // <2>
- String principalAsString = ((String)getSubject().getPrincipal());
- return principalAsString.toLowerCase();
- }
-
- public String getRealUsername() { // <3>
- return userService.getUser().getName().toLowerCase();
- }
-
- public boolean isRunAs() {
- return getSubject().isRunAs();
- }
-
- private static Subject getSubject() {
- return org.apache.shiro.SecurityUtils.getSubject();
- }
-
- @Inject
- private UserService userService;
-}
-----
-<1> "jdbcRealm" is realm as configured in Shiro config (shiro.ini).
-<2> The username of the currently logged in user (by which permissions are determined).
-This could be the user name the real user is running as.
-<3> The username of the real currently logged in user.
-
-This could be exposed in the UI using a simple `RunAsService`, for example:
-
-[source,java]
-----
-@DomainService(nature = NatureOfService.VIEW)
-@DomainServiceLayout(menuBar = DomainServiceLayout.MenuBar.TERTIARY)
-public class RunAsService {
-
- public Dashboard runAs(User user) {
- shiroService.runAs(user.getUsername());
- return dashboardService.openDashboard(); // <1>
- }
- public List<User> choices0RunAs() {
- return ... // <2>
- }
- public boolean hideRunAs() {
- return shiroService.isRunAs();
- }
-
-
-
- public User releaseRunAs() {
- String username = shiroService.releaseRunAs();
- return usersRepository.findByUsername(username);
- }
- public boolean hideReleaseRunAs() {
- return !shiroService.isRunAs();
- }
-
-
- @Inject
- private ShiroService shiroService;
- @Inject
- private UsersRepository usersRepository;
- @Inject
- private DashboardService dashboardService; // <1>
-}
-----
-<1> go to the home page (application-specific)
-<2> return a list of users to run as
-
-
-Credits: adapted from link:https://gist.github.com/erikdehair/efa3005440ca982cca41ebe5347e82d8[this gist].
== Caching