Kamal created SHIRO-534:
---------------------------
Summary: Provide better documentation around permissions
Key: SHIRO-534
URL: https://issues.apache.org/jira/browse/SHIRO-534
Project: Shiro
Issue Type: Documentation
Reporter: Kamal
I was playing around with custom realms and I set up the following
AuthorizingRealm:-
{code}
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class TestRealm extends AuthorizingRealm
{
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken inToken)
        throws AuthenticationException
    {
        UsernamePasswordToken upToken = (UsernamePasswordToken) inToken;
        // Test realm: the submitted password is returned as the stored
        // credential, so any password is accepted for these two users.
        if (upToken.getUsername().equals("Kamal") ||
            upToken.getUsername().equals("NotKamal"))
            return new SimpleAuthenticationInfo(upToken.getUsername(),
                                                upToken.getPassword(), getName());
        return null;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection inPrincipals)
    {
        String username = (String) inPrincipals.fromRealm(getName()).iterator().next();
        SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
        authzInfo.addRole("User");
        if (username.equals("Kamal"))
        {
            // Explicit action:instance grants, no wildcards
            authzInfo.addStringPermission("PRODMA:READ:AU");
            authzInfo.addStringPermission("PRODMA:WRITE:AU");
            authzInfo.addStringPermission("PRODMA:READ:KB");
            authzInfo.addStringPermission("PRODMA:WRITE:KB");
            authzInfo.addStringPermission("SUPPMA:READ:KB");
        }
        else
        {
            // Wildcard present in the action and instance parts
            authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
        }
        return authzInfo;
    }
}
{code}
I then set up the following resource (I am using Guice + Jersey):-
{code}
import javax.servlet.http.HttpSession;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

import com.google.inject.Inject;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("/{client}/shiroResource")
public class ShiroResource
{
    private static final Logger LOG = LoggerFactory.getLogger(ShiroResource.class);
    private HttpSession mSession;

    @Inject
    public ShiroResource(HttpSession inSession)
    {
        mSession = inSession;
    }

    @POST
    @Path("requiresProdma.do")
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @RequiresPermissions({ "PRODMA:*:*" })
    public String prodmaRequired()
    {
        return "Success";
    }

    @GET
    @Path("requiresSuppma.do")
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @RequiresPermissions("PRODMA:*")
    public String suppmaRequired()
    {
        return "Success";
    }
}
{code}
Now, if I log in as NotKamal I have access to ShiroResource.suppmaRequired, but
if I log in as Kamal, I won't. It took me a while to work out that I needed to
specify the permission string like this:-
{code}
authzInfo.addStringPermission("PRODMA:READ,WRITE,*:AU,*");
{code}
I feel that this is a bit unintuitive, but I guess it is what it is. Can we
provide better examples of setting up a custom realm with permissions?
Preferably one which supports custom wildcards.
Thanks.
Kamal.
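The behaviour reported here follows from how Shiro's WildcardPermission.implies() works: a granted permission implies a required one only when each colon-separated part of the grant covers the corresponding part of the requirement, a required "*" is covered only by a grant part that itself contains "*", and any trailing parts missing from the grant are implied automatically. The following is an added example, not code from this issue or from the Shiro project, that runs the realm's permission strings above against the two @RequiresPermissions values using Shiro's own WildcardPermission class (shiro-core on the classpath is assumed); the class PermissionImpliesDemo, the isPermitted helper and the extra "PRODMA:*" grant used to show the trailing-part rule are my own.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

// Added example (not from the issue or from Shiro): exercises
// WildcardPermission directly to show which grants satisfy which checks.
public class PermissionImpliesDemo
{
    // Grants copied from the TestRealm in the issue.
    static final String[] KAMAL = {
        "PRODMA:READ:AU", "PRODMA:WRITE:AU",
        "PRODMA:READ:KB", "PRODMA:WRITE:KB",
        "SUPPMA:READ:KB"
    };
    static final String[] NOT_KAMAL = { "PRODMA:READ,WRITE,*:AU,*" };

    // Assumed grant, not from the issue: a two-part wildcard. Shiro treats the
    // missing third part as implied, so this also satisfies "PRODMA:*:*".
    static final String[] SHORT_WILDCARD = { "PRODMA:*" };

    // Strings demanded by the two annotations in ShiroResource, plus the narrow
    // permission a READ-on-AU endpoint would actually need (assumed here).
    static final String[] REQUIRED = { "PRODMA:*:*", "PRODMA:*", "PRODMA:READ:AU" };

    // Mirrors the per-realm check in AuthorizingRealm: the subject is permitted
    // if any granted permission implies the required one.
    static boolean isPermitted(String[] grants, String required)
    {
        Permission needed = new WildcardPermission(required);
        for (String grant : grants)
        {
            if (new WildcardPermission(grant).implies(needed))
                return true;
        }
        return false;
    }

    public static void main(String[] args)
    {
        for (String required : REQUIRED)
        {
            System.out.printf("%-16s Kamal=%-5s NotKamal=%-5s PRODMA:*=%s%n",
                required,
                isPermitted(KAMAL, required),
                isPermitted(NOT_KAMAL, required),
                isPermitted(SHORT_WILDCARD, required));
        }
    }
}
```

With these grants Kamal fails both "PRODMA:*:*" and "PRODMA:*", because his second part is READ or WRITE and never contains "*", while NotKamal passes both since every part after PRODMA contains "*"; all three grant sets pass "PRODMA:READ:AU". From a least-privilege standpoint the annotation, not the realm, is usually what should change: @RequiresPermissions("PRODMA:*:*") asks the caller to hold every action on every instance, so an endpoint that only reads AU data should require "PRODMA:READ:AU" rather than having the realm hand out wildcards to make the broad check pass.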
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)