You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2009/12/18 22:00:18 UTC

[jira] Resolved: (SHIRO-101) Comma in role in the properties file is not read correctly by the PropertyRealm

     [ https://issues.apache.org/jira/browse/SHIRO-101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood resolved SHIRO-101.
---------------------------------

    Resolution: Not A Problem

Because permissions are comma delimited in the .ini and .properties files, if a permission definition itself has commas (as in your example), you must quote the permission definition.

For example:

role.test = printer:print:lp7200, "user:create,delete"



> Comma in role in the properties file is not read correctly by the PropertyRealm
> -------------------------------------------------------------------------------
>
>                 Key: SHIRO-101
>                 URL: https://issues.apache.org/jira/browse/SHIRO-101
>             Project: Shiro
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 0.9-RC1, 0.9
>         Environment: Ubuntu 8.10, eclipse Galileo
>            Reporter: Moataz Elmasry
>             Fix For: 1.0
>
>         Attachments: shirobug.zip
>
>
> I had the following the property file.
> user.luke=luke,Pilot
> role.Pilot=xWing:fly:xxx,yyy
> Now supposdly subject.isPermitted("xWing:fly:xxx") and Subject.isPermitted("xWing:fly:yyy") should both return true. this is not the case, since the first returns true and the second false. Now lets exchange the last term as follows: role.Pilot=xWing:fly:yyy,xxx. and make the same calls again. Now we see the forst returns false and the second returns true. So now we know that only the first token before the comma is read.
> Looking into shiro code in org.apache.shiro.util.PermissionUtils.toPermissionStrings() which calls in turn StringUtils.split(permissionString). This function splits the string around the comma. So from role.Pilot=xWing:fly:xxx,yyy we get two string: xWing:fly:xxx  and yyy. To prove this theory I called Subject.isPermitted("yyy") which returned true.
> My suggestion would be not to call PermissionUtils at all, since its being called from WildcardPermission which in turn splits the String using * then the comma afterwards. So it makes no sense splitting the string with the comma two times, since the second time there would be nothing to split anyway.
> Best regards and thanks for your efforts

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.