You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Emond Papegaaij (JIRA)" <ji...@apache.org> on 2012/12/27 14:46:12 UTC

[jira] [Commented] (SHIRO-332) Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected

    [ https://issues.apache.org/jira/browse/SHIRO-332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13539955#comment-13539955 ] 

Emond Papegaaij commented on SHIRO-332:
---------------------------------------

I agree, and the same is true for getPermissions, resolvePermissions and resolveRolePermissions, where the last two can be made final. In our application, resolving permissions for a role is quite expensive and is not something you would want to repeat for every permission check, so I'm trying to add caching. This caching should take place in getPermissions, but to change that method, I had to copy over 100 lines of code to my subclass, where simply overriding getPermissions and delegating to super should have been enough. For resolvePermissions and resolveRolePermissions, it's a bit different. It's not very likely someone ever needs to change those, but they can be handy in a subclass, hence protected final.
                
> Change access level of method  'isPermitted' in  org.apache.shiro.realm.AuthorizingRealm  (line 461)  from private to protected
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-332
>                 URL: https://issues.apache.org/jira/browse/SHIRO-332
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control) 
>    Affects Versions: 1.1.0
>            Reporter: clifford harms
>            Priority: Minor
>              Labels: api-change, authorization, authorizing-realm
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> In org.apache.shiro.realm.AuthorizingRealm, line 461, the method     private boolean isPermitted(Permission permission, AuthorizationInfo info)    should have its access level set to protected.  This method is the ideal method to override If a developer wishes to change how a  realm that extends AuthorizingRealm interacts with the AuthorizationInfo when permissions are checked.  This is because all of the  'isPermitted' method overloads delegate the actual permission checking to this method.  As the class stands now, all of the isPermitted overloads have to be  re-implemented as overrides to Authorizing realm in order for the developer to safely change this behavior. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira