[
https://issues.apache.org/jira/browse/ISIS-775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14008125#comment-14008125
]
Dan Haywood commented on ISIS-775:
----------------------------------
The reason this is permitted is that you've overlooked the fact that sven
also has admin_role, which is wildcarded to "*":

    sven = pass, admin_role, site_role
    admin_role = *
    site_role = BBY:0540
~~~
To double check that there isn't in fact a problem with Isis, I made the
following edits to the quickstart example app:
in Admin class, added:

    // imports: org.apache.shiro.SecurityUtils, org.apache.shiro.subject.Subject
    @Prototype
    @MemberOrder(sequence="20")
    public void perms() {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            System.out.println("\n BBY:0540 = " + subject.isPermitted("BBY:0540"));
            System.out.println("\n BBY:0541 = " + subject.isPermitted("BBY:0541"));
        }
    }
In resources/realm1.ini, changed

    sven = pass, admin_role, site_role
    ...

and

    admin_role = *:Admin:*:*
    site_role = BBY:0540
I then confirmed that when calling Admin#perms, it printed out:
    BBY:0540 = true
    BBY:0541 = false
> ISIS-Shiro isPermitted issue
> -----------------------------
>
> Key: ISIS-775
> URL: https://issues.apache.org/jira/browse/ISIS-775
> Project: Isis
> Issue Type: Bug
> Components: Security: Shiro
> Reporter: Ranganath Chittari
> Assignee: Dan Haywood
> Priority: Critical
> Attachments: Shiro-Permissions-Files.zip
>
>
> I want to use Apache-Shiro API methods in my code for some permission checks.
> But the permission check is not working in the ISIS-Shiro environment as it is based
> on a class-based security mechanism.
> For ex:
> in shiro.ini - I gave permission as below:
> site_role = BBY:0540
> In the code, subject.isPermitted("BBY:541") is also returning true.
> In a non-ISIS environment, this security check is working fine.
> Please help how to solve this issue.
> Please find attached files.
> Shiro version is 1.2.2 as this is coming via Isis-security-shiro-1.3.0
--
This message was sent by Atlassian JIRA
(v6.2#6252)
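The following standalone program is an added example, not code from ISIS-775 or from the Apache Isis project. It reproduces the behaviour Dan Haywood describes using Shiro 1.2.x on its own, with no Isis in the picture, so that the effect of the "*" wildcard can be seen in isolation. The two INI texts, the user "sven", the password "pass" and the role names are taken from the issue; the class name ShiroWildcardDemo and the output formatting are assumptions made for the demonstration.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;

// Added example, not code from ISIS-775 or from Apache Isis. It runs against
// shiro-core 1.2.x alone, with no Isis, so it separates Shiro's permission
// semantics from anything the Isis realm does. The INI texts, user and
// password come from the issue; the class name is an assumption.
public class ShiroWildcardDemo {

    // The reporter's configuration: admin_role grants "*". A lone "*" implies
    // every permission string, so BBY:0541 is permitted through admin_role
    // even though site_role only names BBY:0540.
    static final String REPORTER_INI =
          "[users]\n"
        + "sven = pass, admin_role, site_role\n"
        + "[roles]\n"
        + "admin_role = *\n"
        + "site_role = BBY:0540\n";

    // The configuration after Dan's edit: admin_role is narrowed to
    // "*:Admin:*:*". Its second part, "Admin", does not match "0541", so only
    // site_role's own BBY:0540 is implied for sven.
    static final String SCOPED_INI =
          "[users]\n"
        + "sven = pass, admin_role, site_role\n"
        + "[roles]\n"
        + "admin_role = *:Admin:*:*\n"
        + "site_role = BBY:0540\n";

    // Builds an IniRealm from the given INI text, logs sven in against it and
    // returns the outcome of Subject#isPermitted for the requested string.
    // Subject.Builder is used instead of SecurityUtils.getSubject() so that
    // each call gets a fresh Subject bound to its own SecurityManager rather
    // than whatever Subject happens to be bound to the current thread.
    static boolean isPermittedAs(String iniText, String permission) {
        Ini ini = new Ini();
        ini.load(iniText);
        DefaultSecurityManager securityManager =
            new DefaultSecurityManager(new IniRealm(ini));
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        try {
            subject.login(new UsernamePasswordToken("sven", "pass"));
            return subject.isPermitted(permission);
        } finally {
            subject.logout();
        }
    }

    // The same rule with no realm or user involved: WildcardPermission#implies
    // is what the realm applies to each permission string a role holds.
    static boolean implies(String granted, String requested) {
        return new WildcardPermission(granted)
            .implies(new WildcardPermission(requested));
    }

    public static void main(String[] args) {
        System.out.println("\"*\" implies BBY:0541:           " + implies("*", "BBY:0541"));
        System.out.println("\"*:Admin:*:*\" implies BBY:0541: " + implies("*:Admin:*:*", "BBY:0541"));
        System.out.println("\"BBY:0540\" implies BBY:0541:    " + implies("BBY:0540", "BBY:0541"));

        for (String perm : new String[] {"BBY:0540", "BBY:0541"}) {
            System.out.println("reporter realm, sven isPermitted(" + perm + ") = "
                + isPermittedAs(REPORTER_INI, perm));
            System.out.println("scoped realm,   sven isPermitted(" + perm + ") = "
                + isPermittedAs(SCOPED_INI, perm));
        }
    }
}
```

Compile and run it with shiro-core 1.2.2 (plus its slf4j-api and commons-beanutils dependencies) on the classpath. With the reporter's INI both checks come back true, because "*" held through admin_role implies any permission string regardless of what site_role says; with the scoped INI only BBY:0540 comes back true, which agrees with the results Dan reports above. The practical check when a Shiro isPermitted call returns true unexpectedly is therefore to look at every role the subject holds, not just the one that names the permission being tested.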