Hello !
I have a problem with a custom authorizing realm and permissions. I am
trying to create a simple Authorizing Realm for Apache Shiro for
testing:
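    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyAuthRealm extends AuthorizingRealm {
        // Returns the same role and permission for every principal.
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo sai = new SimpleAuthorizationInfo();
            sai.addRole("kota");
            sai.addStringPermission("koko:*:view");
            return sai;
        }

        // This realm supplies no authentication data.
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            return null;
        }
    }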
As you can see it doesn't care about who the user is - it just returns
a role and a specific permission.
Now, I am trying to test that in the following snippet:
    if (SecurityUtils.getSubject().hasRole("kota")) {
        out.write("kota ");
    }
    if (SecurityUtils.getSubject().hasRole("kota2")) {
        out.write("kota2 ");
    }
    if (SecurityUtils.getSubject().isPermitted("koko:toto:view")) {
        out.write("koko ");
    }
    if (SecurityUtils.getSubject().isPermitted("koko2:toto:view")) {
        out.write("koko2 ");
    }
And I receive the following output:
    kota koko koko2
So it seems that the role is configured correctly (since the user only
has the role kota), but the permission is not (why is koko2
printed???) !!!!
Can anybody explain to me what I am doing wrong ?
Also, I have already asked the question on SO:
http://stackoverflow.com/questions/9208996/getting-confused-with-apache-shiro-and-custom-authorizing-realms
So if you want to answer it there and receive the reputation, feel free
to do so.
Thanks,
Serafeim
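
As an added example (not part of the original post and not Shiro's own code), the realm from the post can be queried on its own, without a SecurityManager or Subject, to see what its role and permission string grant by themselves. It assumes shiro-core and its dependencies are on the classpath; the class name RealmIsolationCheck, the principal "tester" and the extra check koko:toto:edit are constructed for illustration.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class RealmIsolationCheck {

    // Same authorization data as the realm in the post.
    static class MyAuthRealm extends AuthorizingRealm {
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo sai = new SimpleAuthorizationInfo();
            sai.addRole("kota");
            sai.addStringPermission("koko:*:view");
            return sai;
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null;
        }
    }

    public static void main(String[] args) {
        MyAuthRealm realm = new MyAuthRealm();

        // Constructed principal: the realm ignores who the user is, but the
        // Authorizer methods return false when no principals are supplied.
        PrincipalCollection who = new SimplePrincipalCollection("tester", realm.getName());

        String[] roles = {"kota", "kota2"};
        // The last entry is an extra, constructed check on the third permission part.
        String[] perms = {"koko:toto:view", "koko2:toto:view", "koko:toto:edit"};

        // Ask the realm directly, bypassing Subject and SecurityManager, so the
        // answer reflects only what doGetAuthorizationInfo() returned.
        for (String role : roles) {
            System.out.printf("role %-18s -> %b%n", role, realm.hasRole(who, role));
        }
        for (String perm : perms) {
            System.out.printf("perm %-18s -> %b%n", perm, realm.isPermitted(who, perm));
        }
    }
}
```

If the realm queried this way denies a permission that Subject.isPermitted grants, the difference lies in the rest of the security configuration rather than in this realm's permission string.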