Posted to commits@isis.apache.org by da...@apache.org on 2013/08/15 19:59:20 UTC
svn commit: r1514413 -
/isis/site/trunk/content/components/security/shiro/format-of-permissions.md
Author: danhaywood
Date: Thu Aug 15 17:59:20 2013
New Revision: 1514413
URL: http://svn.apache.org/r1514413
Log:
shiro realm mappings
Added:
isis/site/trunk/content/components/security/shiro/format-of-permissions.md
Added: isis/site/trunk/content/components/security/shiro/format-of-permissions.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/format-of-permissions.md?rev=1514413&view=auto
==============================================================================
--- isis/site/trunk/content/components/security/shiro/format-of-permissions.md (added)
+++ isis/site/trunk/content/components/security/shiro/format-of-permissions.md Thu Aug 15 17:59:20 2013
@@ -0,0 +1,34 @@
+Title: Format of Permissions
+
+Shiro converts permission strings (as found in `WEB-INF/shiro.ini`) internally into `WildcardPermission` instances, with allow a permissions to be organized hierarchical and with wildcarding.
+
+This meets Isis' requirements well; we define the permission strings as follows:
+
+<pre>
+packageName:ClassName:memberName:r,w
+</pre>
+
+where:
+
+* `memberName` is the property, collection or action name.
+* `r` indicates that the member is visible
+* `w` indicates that the member is usable (editable or invokable)
+
+Because these are wildcards, a '*' can be used at any level. Additionally, missing levels assume wildcards.
+
+Thus:
+
+<pre>
+com.mycompany.myapp:Customer:firstName:r,w # view or edit customer's firstName
+com.mycompany.myapp:Customer:lastName:r # view customer's lastName only
+com.mycompany.myapp:Customer:placeOrder:* # view and invoke placeOrder action
+com.mycompany.myapp:Customer:placeOrder # ditto
+com.mycompany.myapp:Customer:*:r # view all customer class members
+com.mycompany.myapp:*:*:r # view-only access for all classes in myapp package
+com.mycompany.myapp:*:*:* # view/edit for all classes in myapp package
+com.mycompany.myapp:*:* # ditto
+com.mycompany.myapp:* # ditto
+com.mycompany.myapp # ditto
+* # view/edit access to everything
+</pre>
+
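Review bot: The sentence "Additionally, missing levels assume wildcards" and the `# ditto` examples under it need an explicit statement that a shorter permission string grants more access, not less. As written, `com.mycompany.myapp:Customer:placeOrder` and `com.mycompany.myapp` both give view and use rights, so leaving the trailing `:r` off a line that was meant to be view-only silently makes the member usable. Suggest adding a sentence after that paragraph recommending that every level, including the final `r`/`w` part, always be written out when the intent is to restrict. Two smaller points: the "where:" list defines `memberName`, `r` and `w` but not `packageName` or `ClassName`, and the opening sentence should read "which allow permissions to be organized hierarchically and with wildcarding" instead of "with allow a permissions to be organized hierarchical".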