>From a quick run through, it appears that you've not set "permissionsLookupEnabled" in the JdbcRealm. I'm not entirely sure why that's disabled by default, but according to the docs, it is (also, according to the code). You can either set the value directly in the constructor of RoleSecurityJdbcRealm or, I think in the [main] section of your shiro config you can add "realmA.permissionsLookupEnabled=true".
With that change I am able to access the "secure" section of the site when logged in as bruce. Thanks, Jared On 1/8/11 8:56 PM, "Bruce Phillips" <[email protected]> wrote: > > I'm updating a series of Shiro tutorials I wrote in April 2009, when Shiro > was knows as JSecurity and was in version 0.9. These tutorial are linked to > from the Shiro website (http://shiro.apache.org/articles.html). > > The first four tutorials updated just fine. However, my last tutorial on > how to use permissions in Shiro has a problem. After upgrading to Shiro > 1.1.0 - permissions no longer work. Everything else is working - user > authentication and role checking. > > I reviewed the documentation and API for 1.1.0 and it looks like permissions > should work the same as they did in JSecurity 0.9. > > The updated article with download is here: > > http://www.brucephillips.name/blog/index.cfm/2009/5/1/An-Introduction-to-Ki-fo > rmerly-JSecurity--A-Beginners-Tutorial-Part-5 > > Both the roles admin and staff have permission of secure in the > roles_permissions table. But when logging in with users ([email protected] > or [email protected]) who have those roles, the > subject.isPermitted("secure") statement returns false. > > Any help would be appreciated so that I can this last tutorial working > correctly with Shiro 1.1.0. > > Bruce Phillips
