Posted to dev@shiro.apache.org by "Kamal (JIRA)" <ji...@apache.org> on 2015/06/03 08:37:49 UTC
[jira] [Created] (SHIRO-534) Provide better documentation around permissions
Kamal created SHIRO-534:
---------------------------
Summary: Provide better documentation around permissions
Key: SHIRO-534
URL: https://issues.apache.org/jira/browse/SHIRO-534
Project: Shiro
Issue Type: Documentation
Reporter: Kamal
I was playing around with custom realms and I setup the following AuthorizingRealm:-
{code}
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class TestRealm extends AuthorizingRealm
{
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken inToken) throws AuthenticationException
    {
        UsernamePasswordToken upToken = (UsernamePasswordToken) inToken;
        // Two hard-coded test accounts; the submitted password is handed back as the stored credential.
        if (upToken.getUsername().equals("Kamal") || upToken.getUsername().equals("NotKamal"))
            return new SimpleAuthenticationInfo(upToken.getUsername(), upToken.getPassword(), getName());
        return null; // unknown account: no AuthenticationInfo from this realm
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection inPrincipals)
    {
        // The primary principal stored above is the username string.
        String username = (String) inPrincipals.fromRealm(getName()).iterator().next();
        SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        authzInfo.addRole("User");
        if (username.equals("Kamal"))
        {
            authzInfo.addStringPermission("PRODMA:READ:AU");
            authzInfo.addStringPermission("PRODMA:WRITE:AU");
            authzInfo.addStringPermission("PRODMA:READ:KB");
            authzInfo.addStringPermission("PRODMA:WRITE:KB");
            authzInfo.addStringPermission("SUPPMA:READ:KB");
        }
        else
        {
            authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
        }
        return authzInfo;
    }
}
{code}
I then setup the following resource (I am using Guice + Jersey):-
{code}
import com.google.inject.Inject;
import javax.servlet.http.HttpSession;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/{client}/shiroResource")
public class ShiroResource
{
    private static final Logger LOG = LoggerFactory.getLogger(ShiroResource.class);
    private HttpSession mSession;

    @Inject
    public ShiroResource(HttpSession inSession)
    {
        mSession = inSession;
    }

    // Caller must hold a permission that implies PRODMA:*:* (any action on any target).
    @POST
    @Path("requiresProdma.do")
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @RequiresPermissions({ "PRODMA:*:*" })
    public String prodmaRequired()
    {
        return "Success";
    }

    // Caller must hold a permission that implies PRODMA:* (any action).
    @GET
    @Path("requiresSuppma.do")
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @RequiresPermissions("PRODMA:*")
    public String suppmaRequired()
    {
        return "Success";
    }
}
{code}
Now, if I login as NotKamal I have access to ShiroResource.suppmaRequired, but if I login as Kamal, I won't. It took me a while to work out that I needed to specify the permission string like this:-
{code}
authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
{code}
I feel that this is a bit unintuitive, but I guess it is what it is. Can we provide better examples of setting up a custom realm with permissions? Preferably one which supports custom wildcards.
Thanks.
Kamal.
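The behaviour described in the issue follows from how Shiro's WildcardPermission.implies() compares a permission the realm granted against the permission an annotation requires, part by part and in one direction only. The following Python re-implementation of that algorithm is an added example (it is not Shiro's own code and not part of the issue); it assumes Shiro's default case-insensitive matching and copies the permission strings from the TestRealm above so the two accounts can be checked offline.

```python
"""Re-implementation of Apache Shiro's WildcardPermission.implies() semantics
(org.apache.shiro.authz.permission.WildcardPermission) so the realm in
SHIRO-534 can be checked without a Shiro runtime. Added example, not Shiro code."""

from typing import List, Set

WILDCARD = "*"
PART_DIVIDER = ":"       # separates parts:     domain:action:target
SUBPART_DIVIDER = ","    # separates alternatives inside a part: read,write


def parse(perm: str, case_sensitive: bool = False) -> List[Set[str]]:
    """Split 'a:b,c:d' into [{'a'}, {'b', 'c'}, {'d'}], as Shiro does.

    Tokens are lower-cased unless case-sensitive matching is requested.
    Empty parts such as 'a::b' are rejected (this version raises ValueError)."""
    perm = perm.strip()
    if not perm:
        raise ValueError("permission string cannot be empty")
    if not case_sensitive:
        perm = perm.lower()
    parts: List[Set[str]] = []
    for part in perm.split(PART_DIVIDER):
        subparts = {s.strip() for s in part.split(SUBPART_DIVIDER) if s.strip()}
        if not subparts:
            raise ValueError("permission string cannot contain empty parts")
        parts.append(subparts)
    return parts


def implies(granted: str, required: str) -> bool:
    """True if the GRANTED permission covers the REQUIRED one.

    Mirrors WildcardPermission.implies(): a granted part must either be a
    wildcard or contain every value the required part asks for."""
    this_parts = parse(granted)
    other_parts = parse(required)
    i = 0
    for other in other_parts:
        # A granted string with fewer parts implies everything to the right.
        if len(this_parts) - 1 < i:
            return True
        part = this_parts[i]
        if WILDCARD not in part and not other <= part:
            return False
        i += 1
    # Extra trailing parts on the granted side must all be wildcards.
    return all(WILDCARD in part for part in this_parts[i:])


def is_permitted(granted: List[str], required: str) -> bool:
    """Mimic Subject.isPermitted(): any one granted permission must imply the requirement."""
    return any(implies(g, required) for g in granted)


# Permission sets from the issue's TestRealm (constructed copies of its strings).
KAMAL = ["PRODMA:READ:AU", "PRODMA:WRITE:AU", "PRODMA:READ:KB",
         "PRODMA:WRITE:KB", "SUPPMA:READ:KB"]
NOT_KAMAL = ["PRODMA:READ,WRITE,*:AU,*"]
# Equivalent to NOT_KAMAL: '*' in a part already subsumes the listed values.
NOT_KAMAL_SIMPLE = ["PRODMA:*"]

if __name__ == "__main__":
    for req in ("PRODMA:*:*", "PRODMA:*", "PRODMA:READ:AU"):
        print(f"{req:14} Kamal={is_permitted(KAMAL, req)!s:5} "
              f"NotKamal={is_permitted(NOT_KAMAL, req)}")
```

Running it shows why the two accounts differ: a literal part such as READ never covers a wildcard part, so none of Kamal's five strings implies `PRODMA:*:*` or `PRODMA:*`, while the single wildcard string granted to NotKamal implies both. The check runs from granted to required, so the annotation value is a floor the realm has to meet, not a pattern the realm's strings are matched against. Note also that `PRODMA:READ,WRITE,*:AU,*` is equivalent to the shorter `PRODMA:*`, and that either one grants every action on every target in that domain; a realm should only hand it out when that is the intended scope, otherwise the annotation should require the narrower permission the caller actually needs.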
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)