Posted to users@isis.apache.org by ch...@wipro.com on 2014/05/05 11:59:59 UTC

ISIS-Shiro isPermitted issue

Hi,

I want to use Apache-Shiro API methods in my code for some permissions check. But permission check is not working in ISIS-Shiro environment as it is based on class-based security mechanism.


For ex:

in shiroo.ini - I gave permission as below:
site_role = BBY:0541

In the code subject.isPermitted("BBY:011") also returning true.

In non-ISIS environment, this security checking is working fine.

Please help how to solve this issue.

BR
Ranganath Varma
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

www.wipro.com

Re: ISIS-Shiro isPermitted issue

Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Have closed... not a problem.  See ticket for details.

Dan


On 7 May 2014 21:09, Dan Haywood <da...@haywood-associates.co.uk> wrote:

>
>
>
> On 7 May 2014 07:22, <ch...@wipro.com> wrote:
>
>> Hi Dan,
>>
>> I created Jira for this wherein I had attached files as I don’t have GIT
>> client to push them over.
>>
>
> That's ok
>
> Do install git, though, it's very easy to install...
> - https://github.com/   has a full walk through
> - http://www.sourcetreeapp.com/   is Atlassian's SourceTree app, very good.
>
>
>
>>
>> Is it OK?
>> Jira Id is : ISIS-775
>>
>>
> will take a look.
>
> Dan
>
>
>
>> BR
>> Ranganath Varma
>>
>> -----Original Message-----
>> From: Dan Haywood [mailto:dan@haywood-associates.co.uk]
>> Sent: Wednesday, May 07, 2014 12:34 AM
>> To: users@isis.apache.org
>> Subject: Re: ISIS-Shiro isPermitted issue
>>
>> Hi Ranganath,
>>
>> I can't reproduce this issue; Shiro permissions seem to work as expected
>> for me.
>>
>> What I did to check is as follows:
>>
>> Using the todo app, I updated realm1.ini and realm2.ini (in
>> webapp/src/main/resources):
>>
>> self-install_role = *:ToDoItemsFixturesService:installFixtures:*,\
>>                     *:ToDoItemsFixturesService:testPerms:*,\
>>                     BBY:0541
>>
>>
>> In ToDoItemsFixtureService, I added this action:
>>
>>     @MemberOrder(sequence = "1")
>>     public Boolean testPerms(@Named("Permissions") final String permission) {
>>         return SecurityUtils.getSubject().isPermitted(permission);
>>     }
>>
>> I logged in as joe/pass (who has the self-install_role), and invoked the
>> action:
>>
>> * if I enter "BBY:0541", it returns true
>> * if I enter "BBY:011", it returns false.
>>
>> ~~~
>> If you can provide a test case project on github that demonstrates the
>> problem, then I'll look again.  But I suspect the issue is a
>> misconfiguration in your Shiro files.  If you want to post them here, we
>> can try to figure out the issue for you.
>>
>> Cheers
>> Dan
>>
>>
>> On Monday, 5 May 2014, <ch...@wipro.com> wrote:
>>
>> > Hi,
>> >
>> > I want to use Apache-Shiro API methods in my code for some permissions
>> > check. But permission check is not working in ISIS-Shiro environment
>> > as it is based on class-based security mechanism.
>> >
>> >
>> > For ex:
>> >
>> > in shiroo.ini - I gave permission as below:
>> > site_role = BBY:0541
>> >
>> > In the code subject.isPermitted("BBY:011") also returning true.
>> >
>> > In non-ISIS environment, this security checking is working fine.
>> >
>> > Please help how to solve this issue.
>> >
>> > BR
>> > Ranganath Varma
>
>

Re: ISIS-Shiro isPermitted issue

Posted by Dan Haywood <da...@haywood-associates.co.uk>.
On 7 May 2014 07:22, <ch...@wipro.com> wrote:

> Hi Dan,
>
> I created Jira for this wherein I had attached files as I don’t have GIT
> client to push them over.
>

That's ok

Do install git, though, it's very easy to install...
- https://github.com/   has a full walk through
- http://www.sourcetreeapp.com/   is Atlassian's SourceTree app, very good.



>
> Is it OK?
> Jira Id is : ISIS-775
>
>
will take a look.

Dan



> BR
> Ranganath Varma
>
> -----Original Message-----
> From: Dan Haywood [mailto:dan@haywood-associates.co.uk]
> Sent: Wednesday, May 07, 2014 12:34 AM
> To: users@isis.apache.org
> Subject: Re: ISIS-Shiro isPermitted issue
>
> Hi Ranganath,
>
> I can't reproduce this issue; Shiro permissions seem to work as expected
> for me.
>
> What I did to check is as follows:
>
> Using the todo app, I updated realm1.ini and realm2.ini (in
> webapp/src/main/resources):
>
> self-install_role = *:ToDoItemsFixturesService:installFixtures:*,\
>                     *:ToDoItemsFixturesService:testPerms:*,\
>                     BBY:0541
>
>
> In ToDoItemsFixtureService, I added this action:
>
>     @MemberOrder(sequence = "1")
>     public Boolean testPerms(@Named("Permissions") final String permission) {
>         return SecurityUtils.getSubject().isPermitted(permission);
>     }
>
> I logged in as joe/pass (who has the self-install_role), and invoked the
> action:
>
> * if I enter "BBY:0541", it returns true
> * if I enter "BBY:011", it returns false.
>
> ~~~
> If you can provide a test case project on github that demonstrates the
> problem, then I'll look again.  But I suspect the issue is a
> misconfiguration in your Shiro files.  If you want to post them here, we
> can try to figure out the issue for you.
>
> Cheers
> Dan
>
>
> On Monday, 5 May 2014, <ch...@wipro.com> wrote:
>
> > Hi,
> >
> > I want to use Apache-Shiro API methods in my code for some permissions
> > check. But permission check is not working in ISIS-Shiro environment
> > as it is based on class-based security mechanism.
> >
> >
> > For ex:
> >
> > in shiroo.ini - I gave permission as below:
> > site_role = BBY:0541
> >
> > In the code subject.isPermitted("BBY:011") also returning true.
> >
> > In non-ISIS environment, this security checking is working fine.
> >
> > Please help how to solve this issue.
> >
> > BR
> > Ranganath Varma

RE: ISIS-Shiro isPermitted issue

Posted by ch...@wipro.com.
Hi Dan,

I created Jira for this wherein I had attached files as I don’t have GIT client to push them over.

Is it OK? 
Jira Id is : ISIS-775

BR
Ranganath Varma

-----Original Message-----
From: Dan Haywood [mailto:dan@haywood-associates.co.uk] 
Sent: Wednesday, May 07, 2014 12:34 AM
To: users@isis.apache.org
Subject: Re: ISIS-Shiro isPermitted issue

Hi Ranganath,

I can't reproduce this issue; Shiro permissions seem to work as expected for me.

What I did to check is as follows:

Using the todo app, I updated realm1.ini and realm2.ini (in
webapp/src/main/resources):

self-install_role = *:ToDoItemsFixturesService:installFixtures:*,\
                    *:ToDoItemsFixturesService:testPerms:*,\
                    BBY:0541


In ToDoItemsFixtureService, I added this action:

    @MemberOrder(sequence = "1")
    public Boolean testPerms(@Named("Permissions") final String permission) {
        return SecurityUtils.getSubject().isPermitted(permission);
    }

I logged in as joe/pass (who has the self-install_role), and invoked the
action:

* if I enter "BBY:0541", it returns true
* if I enter "BBY:011", it returns false.

~~~
If you can provide a test case project on github that demonstrates the problem, then I'll look again.  But I suspect the issue is a misconfiguration in your Shiro files.  If you want to post them here, we can try to figure out the issue for you.

Cheers
Dan


On Monday, 5 May 2014, <ch...@wipro.com> wrote:

> Hi,
>
> I want to use Apache-Shiro API methods in my code for some permissions 
> check. But permission check is not working in ISIS-Shiro environment 
> as it is based on class-based security mechanism.
>
>
> For ex:
>
> in shiroo.ini - I gave permission as below:
> site_role = BBY:0541
>
> In the code subject.isPermitted("BBY:011") also returning true.
>
> In non-ISIS environment, this security checking is working fine.
>
> Please help how to solve this issue.
>
> BR
> Ranganath Varma

Re: ISIS-Shiro isPermitted issue

Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Hi Ranganath,

I can't reproduce this issue; Shiro permissions seem to work as expected
for me.

What I did to check is as follows:

Using the todo app, I updated realm1.ini and realm2.ini (in
webapp/src/main/resources):

self-install_role = *:ToDoItemsFixturesService:installFixtures:*,\
                    *:ToDoItemsFixturesService:testPerms:*,\
                    BBY:0541


In ToDoItemsFixtureService, I added this action:

    @MemberOrder(sequence = "1")
    public Boolean testPerms(@Named("Permissions") final String permission) {
        return SecurityUtils.getSubject().isPermitted(permission);
    }

I logged in as joe/pass (who has the self-install_role), and invoked the
action:

* if I enter "BBY:0541", it returns true
* if I enter "BBY:011", it returns false.

~~~
If you can provide a test case project on github that demonstrates the
problem, then I'll look again.  But I suspect the issue is a
misconfiguration in your Shiro files.  If you want to post them here, we
can try to figure out the issue for you.

Cheers
Dan


On Monday, 5 May 2014, <ch...@wipro.com> wrote:

> Hi,
>
> I want to use Apache-Shiro API methods in my code for some permissions
> check. But permission check is not working in ISIS-Shiro environment as it
> is based on class-based security mechanism.
>
>
> For ex:
>
> in shiroo.ini - I gave permission as below:
> site_role = BBY:0541
>
> In the code subject.isPermitted("BBY:011") also returning true.
>
> In non-ISIS environment, this security checking is working fine.
>
> Please help how to solve this issue.
>
> BR
> Ranganath Varma
>
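
The same isPermitted check can be run against an in-memory INI outside Isis, which helps separate a Shiro configuration problem from a framework one. This is an added example, not code from the thread or from the Isis or Shiro projects; it assumes Shiro 1.x (shiro-core) on the classpath, and the users "strict" and "broad", the role wide_role and its BBY:* grant are constructed to show how a wider grant in the role definitions changes the answer for "BBY:011".

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

public class PermissionCheckDemo {

    // Constructed configuration. site_role carries the grant quoted in the
    // thread; wide_role is a hypothetical role with a wildcard grant.
    static final String INI =
        "[users]\n" +
        "strict = pass, site_role\n" +
        "broad = pass, site_role, wide_role\n" +
        "[roles]\n" +
        "site_role = BBY:0541\n" +
        "wide_role = BBY:*\n";

    // Logs the user in against a realm built from INI and asks Shiro whether
    // the permission string is implied by any of the user's role grants.
    static boolean isPermitted(String user, String password, String permission) {
        Ini ini = new Ini();
        ini.load(INI);
        DefaultSecurityManager manager = new DefaultSecurityManager(new IniRealm(ini));
        Subject subject = new Subject.Builder(manager).buildSubject();
        subject.login(new UsernamePasswordToken(user, password));
        try {
            return subject.isPermitted(permission);
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        String[] users = {"strict", "broad"};
        String[] permissions = {"BBY:0541", "BBY:011"};
        for (String user : users) {
            for (String permission : permissions) {
                System.out.printf("%s isPermitted(%s) = %b%n",
                        user, permission, isPermitted(user, "pass", permission));
            }
        }
    }
}
```

Shiro compares wildcard permissions part by part, so when "BBY:011" is unexpectedly permitted the role and user sections are the first place to look for a grant with `*` in the second part or a bare `*`.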