Hi Gurus!!
First things first, I would like to congratulate those who put together the effort to
get this awesome framework out.
It's simple and powerful, kudos guys!!
Now I've tried using Shiro 1.1.0 + Maven 3 + Spring 3.0.5.RELEASE, Hibernate
3.6.1.Final with ZK 5.0.6.
I got my Hibernate realm working, talking to the database; I got the
authentication working; I successfully (I believe) get the roles and
permissions loaded.
So to test the authorization side I have this somewhere in my code:

    Subject currentUser = SecurityUtils.getSubject();
    if (!currentUser.isPermitted("businessaccount:list")) {
        throw new AuthorizationException("User not authorized");
    }

And it works fine. So I know my permissions were loaded.
It'll be convenient for me to use annotations, so I've put them in the implementation
class, because I didn't plan on using an interface in the first place with my
controller classes, which extend ZK GenericForwardController.
I've seen this bug, https://issues.apache.org/jira/browse/SHIRO-185, and
I've decided to give it a try with one interface with @RequiresPermissions
on it.
Apparently it's still not working. Maybe I'm doing something wrong. Here are
snippets of the code:

    @Component("layouteventhandler")
    public class LayoutEventHandlerImpl extends GenericForwardComposer
            implements LayoutEventHandler {

        Logger logger = Logger.getLogger(LayoutEventHandlerImpl.class);
        Menuitem logout;
        //...

        @Override
        public void onClick$pAccounts() {
            try {
                execution.sendRedirect("/accounts/personal/list");
            } catch (Exception ex) {
                logger.info("Error redirecting to personal accounts", ex);
            }
        }

        @Override
        public void onClick$bAccounts() {
            try {
                execution.sendRedirect("/accounts/business/list");
            } catch (Exception ex) {
                logger.info("Error redirecting to business accounts", ex);
            }
        }
        //.....
    }

Its interface is:

    public interface LayoutEventHandler {
        @RequiresPermissions(value="personalaccount:list")
        public void onClick$pAccounts();

        @RequiresPermissions(value="businessaccount:list")
        public void onClick$bAccounts();
        //.....
    }

So even using an interface it seems not to be working. Here is my
securityApplicationContext.xml:

    <bean id="hibernateRealm"
          class="com.personal.project.admin.webapp.security.DatabaseRealm" />

    <bean id="securityManager"
          class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="hibernateRealm" />
    </bean>

    <bean id="lifecycleBeanPostProcessor"
          class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <bean
          class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
          depends-on="lifecycleBeanPostProcessor">
    </bean>

    <bean
          class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <bean id="secureRemoteInvocationExecutor"
          class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <bean id="shiroFilter"
          class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/authentication/login" />
        <property name="unauthorizedUrl"
                  value="/authentication/unauthorized" />
        <property name="filterChainDefinitions">
            <value>
                /authentication/** = anon
                / = authc
                /accounts/** = authc
                /transactions/** = authc
                /subscribers/** = authc
                /i-charges/** = authc
                /charge-model = authc
                /settings/** = authc
            </value>
        </property>
    </bean>

I would like to know if the technology I'm using matters, meaning, is it OK to
have ZK + Shiro?
I'm sure I'm the one not configuring something well. I would appreciate it if
anyone could shed some light on this for me. Thanks for reading.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/shiro-1-1-0-RequiresAnnotations-not-working-in-spring-container-isn-t-it-fixed-tp6629236p6629236.html
Sent from the Shiro User mailing list archive at Nabble.com.
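
Added example, not part of the original post and not Shiro or Spring code: a standalone Java check of the two things the question turns on, namely on which `Method` object an annotation declared on an interface method is visible, and that a proxy-based check only runs for calls made through the proxy. `RequiresPerm`, `Handler`, `HandlerImpl` and `find` are hypothetical stand-ins chosen for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;

public class AnnotationLookupDemo {
    // Hypothetical stand-in for @RequiresPermissions (assumption, not Shiro's class).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresPerm { String value(); }

    interface Handler {
        @RequiresPerm("businessaccount:list")
        void onClick$bAccounts();
    }

    static class HandlerImpl implements Handler {
        @Override public void onClick$bAccounts() { System.out.println("redirecting"); }
    }

    // Look on the given method first, then on the same signature in every
    // interface implemented by the class or its superclasses.
    static RequiresPerm find(Class<?> type, Method m) {
        RequiresPerm a = m.getAnnotation(RequiresPerm.class);
        if (a != null) return a;
        for (Class<?> c = type; c != null; c = c.getSuperclass()) {
            for (Class<?> i : c.getInterfaces()) {
                try {
                    Method im = i.getMethod(m.getName(), m.getParameterTypes());
                    a = im.getAnnotation(RequiresPerm.class);
                    if (a != null) return a;
                } catch (NoSuchMethodException ignored) { /* not declared on this interface */ }
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Method implMethod = HandlerImpl.class.getMethod("onClick$bAccounts");
        // Method annotations are not inherited from interfaces, so a direct
        // lookup on the implementation's Method finds nothing.
        System.out.println("direct lookup: " + implMethod.getAnnotation(RequiresPerm.class));
        System.out.println("interface-aware lookup: " + find(HandlerImpl.class, implMethod).value());

        HandlerImpl target = new HandlerImpl();
        Handler proxy = (Handler) Proxy.newProxyInstance(Handler.class.getClassLoader(),
            new Class<?>[] { Handler.class }, (p, m, a) -> {
                RequiresPerm r = find(target.getClass(), m);
                System.out.println("permission check: " + (r == null ? "none" : r.value()));
                return m.invoke(target, a);
            });
        proxy.onClick$bAccounts();   // goes through the handler, check runs
        target.onClick$bAccounts();  // raw object, no check runs
    }
}
```

In a Spring context the equivalent question is whether the object that actually receives the call is the container's proxied bean or an instance created outside the container.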