Dan Haywood created ISIS-656:
--------------------------------

             Summary: Roles not setup when using Shiro
                 Key: ISIS-656
                 URL: https://issues.apache.org/jira/browse/ISIS-656
             Project: Isis
          Issue Type: New Feature
          Components: Security: Shiro
    Affects Versions: security-shiro-1.3.0
            Reporter: Dan Haywood
            Assignee: Dan Haywood
             Fix For: security-shiro-1.4.0


as per http://markmail.org/thread/3diasqoulbujpeom

The problem turns out to be a missing "!" in the ShiroAuthenticatorOrAuthorizor.

         final Collection<Realm> realms = securityManager.getRealms();
         for (final Realm realm : realms) {
-            if(realm.supports(token)) {
+            if(!realm.supports(token)) {
                 continue;
             }
             ...
         }
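Review bot: The corrected guard at `if(!realm.supports(token)) {` arrives with no regression test, and a one-character condition like this is easy to invert again without anyone noticing. Suggest a test that drives the loop over `securityManager.getRealms()` with one realm that supports the token and one that does not, asserting that the code after the guard runs only for the supporting realm. A short comment on the `continue` saying that realms which do not support the token are skipped would also make the intent explicit.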

with this fix, and with shiro.ini as configured per [1] pointing at realms [2] 
and [3], then the following code:

for (RoleMemento rm:container.getUser().getRoles()) {
    LOG.info("ROLE: "+rm.getName());
}

for 'sven' logs:

21:46:10,279  [ToDoItem             2125139315@qtp-71626409-4 INFO ]  ROLE: realm1:admin_role
21:46:10,279  [ToDoItem             2125139315@qtp-71626409-4 INFO ]  ROLE: org.apache.isis.viewer.wicket.roles.USER


while for 'dick' logs:

21:51:07,062  [ToDoItem             503033028@qtp-71626409-0 INFO ]  ROLE: realm1:user_role
21:51:07,062  [ToDoItem             503033028@qtp-71626409-0 INFO ]  ROLE: realm1:self-install_role
21:51:07,062  [ToDoItem             503033028@qtp-71626409-0 INFO ]  ROLE: realm1:analysis_role
21:51:07,062  [ToDoItem             503033028@qtp-71626409-0 INFO ]  ROLE: org.apache.isis.viewer.wicket.roles.USER




[1] https://github.com/apache/isis/blob/ad16b962928715e343369b00d8a42cd12c9bd79b/example/application/quickstart_wicket_restful_jdo/webapp/src/main/webapp/WEB-INF/shiro.ini#L73
[2] https://github.com/apache/isis/blob/ad16b962928715e343369b00d8a42cd12c9bd79b/example/application/quickstart_wicket_restful_jdo/webapp/src/main/resources/webapp/realm1.ini
[3] https://github.com/apache/isis/blob/ad16b962928715e343369b00d8a42cd12c9bd79b/example/application/quickstart_wicket_restful_jdo/webapp/src/main/resources/webapp/realm2.ini



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
