Posted to user@shiro.apache.org by John Cladmore <ju...@lorrev.org> on 2009/06/30 18:55:16 UTC

Grails + ZK + JSecurity

Hi all,

Anyone here using jsec in a Grails + Zk-plugin application?

My problem is that the jsec plugin for grails provides several classes for 
user, role, permission, and their relationships. I have successfully 
tested authentication and verifying the user's role. However, I want to 
know how I can check for permission in code. I know I have to call 
isPermitted() on the current subject, but I don't know how that string 
parameter should be formatted.

I think the plugin is set up for grails view technology with 
controller/action. Whereas, I just want to simply check for permission 
in the wildcard way as documented for jsec WildcardPermission class.

I won't mind the way the jsec plugin for grails has permission set up, 
if I can only figure out how to check it in code.

Here is what I have done so far using fixtures:
// create a permission
"aPerm"(JsecPermission) {
    type = "org.jsecurity.grails.JsecBasicPermission"
    possibleActions = "*"
}

menuPerm0(JsecRolePermissionRel) {
    // JsecRole instance reference, users and roles already created
    role = adminRole
    permission = ref("aPerm") // the permission above
    // name of menu I want permission for, remember, this is not grails controller
    target = "User"
    actions = "view"
}

Now, in code, I get the current subject and call isPermitted(). I have 
tried "User", "User:*", and "User:view", but nothing successful yet.

Thanks for your help or pointers to info.


.v

Re: Grails + ZK + JSecurity

Posted by Les Hazlewood <lh...@apache.org>.
Hi John,

I'm not sure that a lot of users on this list are very knowledgeable of how
the Grails plugin operates (it would be nice if I was wrong though ;)).
Have you tried the grails-user mailing list?  That is typically where people
ask the JSecurity (now Shiro) Grails plugin questions.

However, I'll do my best with regards to your question here.

Shiro can check permissions in two formats - either implementations of the
Permission interface, or a simple String formatted according to the
WildcardPermission javadoc.

It appears that the Grails plugin stores instances of the Permission
interface in the database.  That means you can do things like:

if ( SecurityUtils.subject.isPermitted(aPermissionInstance) )  {
    //do something
}

But I don't know how to instantiate 'aPermissionInstance' based on what the
Grails plugin would expect.  Would it be new
JsecBasicPermission("something"); ?  or another subclass?  I'm not sure.

You can check a String permission as well, but all Strings need to be
converted to a Permission instance in order to perform permission
implication logic (See Permission.implies(permission) JavaDoc).  Shiro does
this via a PermissionResolver.

So, you can do this:

if ( SecurityUtils.subject.isPermitted("printer:print") ) {
    //print
}

But to make this work, you would need to register a PermissionResolver that
accepts a string and instantiates a Permission instance based on that
String.  That permission would then be checked against the persistent
Permission instances managed by the Grails plugin/Hibernate.  For example:

Permission toCheck = permissionResolver.resolvePermission(permString);
for ( Permission perm : hibernatedPermissions ) {
    if ( perm.implies(toCheck) ) {
        return true; //they are permitted to do what is described by 'toCheck'
    }
}
return false; //not permitted

I don't know how to register a custom PermissionResolver with the Grails
plugin to make this work, or if this is even necessary in the first place.

Hopefully another Grails user could shed light on the issue, or Peter
Ledbrook, the original author of the plugin could help.  He's been very busy
the last few months writing a book or two, so I don't know how accessible he
is though.

Regards,

Les
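
The string check and the implication loop from the reply above, put together as an added example (not code from the thread or from the Grails plugin). It assumes shiro-core on the classpath, Apache Shiro package names, and that the granted permissions are WildcardPermission instances; the class name, the isPermitted helper and the sample grants are hypothetical stand-ins for whatever the plugin loads from the database.

```java
import java.util.List;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.PermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;

public class WildcardPermissionCheck {

    // Turns a permission string into a WildcardPermission instance.
    private static final PermissionResolver RESOLVER = new WildcardPermissionResolver();

    /** True when at least one granted permission implies the requested one. */
    static boolean isPermitted(List<Permission> granted, String requested) {
        Permission toCheck = RESOLVER.resolvePermission(requested);
        for (Permission perm : granted) {
            // Direction matters: the stored grant must imply the request,
            // never the request implying the grant.
            if (perm.implies(toCheck)) {
                return true;
            }
        }
        return false; // deny by default when nothing matches
    }

    public static void main(String[] args) {
        // Constructed sample grants (assumption): stand-ins for the
        // permissions attached to the current user's roles.
        List<Permission> granted = List.of(
                RESOLVER.resolvePermission("User:view"),
                RESOLVER.resolvePermission("printer:print,query"));

        // The three strings tried in the question, followed by extra probes
        // for case handling, a different action, and an instance-level part.
        String[] requests = {
            "User", "User:*", "User:view", "user:VIEW",
            "User:edit", "printer:query", "printer:*", "User:view:42"
        };
        for (String request : requests) {
            System.out.printf("%-14s -> %s%n", request,
                    isPermitted(granted, request) ? "permitted" : "denied");
        }
    }
}
```

With WildcardPermission semantics, a grant for a single action such as "User:view" does not satisfy a request for the whole "User" domain or for "User:*", because those requests ask for more than was granted.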
