Hi,

Wildcard permissions with multiple actions are not working for me.
I have a permission defined like this in shiro.ini:

        courses:delete,update,create:courseA

I'm observing that Subject.isPermitted("courses:[action]:courseA") returns true only for the first action ("delete"), but not for subsequent actions. If I change the order of the actions, it returns true only for the new first action, not for the other actions.

Can someone here tell me where's the mistake? I'm using Shiro 1.2 ("shiro-all-1.2.0.jar").

shiro.ini:

    [users]
    guest = guest, guest

    [roles]
    guest = courses:delete,update,create:courseA

Application Code:

    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.config.IniSecurityManagerFactory;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.subject.Subject;

    public class ShiroExplorer {
        public static void main(String[] args) {
            // Build the SecurityManager from shiro.ini on the classpath
            IniSecurityManagerFactory securityManagerFactory =
                    new IniSecurityManagerFactory("classpath:shiro.ini");
            SecurityManager secMgr = securityManagerFactory.createInstance();
            SecurityUtils.setSecurityManager(secMgr);

            Subject curUser = SecurityUtils.getSubject();
            if (!curUser.isAuthenticated()) {
                // Log in as the "guest" user defined in [users]
                AuthenticationToken authToken = new UsernamePasswordToken("guest", "guest");
                try {
                    curUser.login(authToken);
                } catch (AuthenticationException e) {
                    e.printStackTrace();
                    return;
                }

                System.out.println("guest role=" + curUser.hasRole("guest"));

                // One permission string per action, all on the same instance
                String instance = "courseA";
                String createPerm = "courses:create:" + instance;
                String updatePerm = "courses:update:" + instance;
                String deletePerm = "courses:delete:" + instance;

                System.out.println("create " + instance + " permitted:"
                        + curUser.isPermitted(createPerm)); // Returns false
                System.out.println("update " + instance + " permitted:"
                        + curUser.isPermitted(updatePerm)); // Returns false
                System.out.println("delete " + instance + " permitted:"
                        + curUser.isPermitted(deletePerm)); // Returns true
            }
        }
    }


Thanks
kshiraly
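
Added example, not part of the original post and not Shiro's own code: a role's value in the [roles] section is a comma-delimited list of permissions, which a plain `split(",")` models here (an assumption standing in for Shiro's parser), and each resulting piece is checked with `WildcardPermission.implies`. `RoleLineSplitDemo`, `parseRoleLine`, `permitted` and the `courseB` instance are hypothetical names; the second role value lists one full permission per action for comparison.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

import java.util.ArrayList;
import java.util.List;

public class RoleLineSplitDemo {

    // Assumption: a plain comma split models the comma-delimited permission
    // list of a [roles] entry; this is not Shiro's own INI parser.
    static List<Permission> parseRoleLine(String value) {
        List<Permission> perms = new ArrayList<>();
        for (String token : value.split(",")) {
            perms.add(new WildcardPermission(token.trim()));
        }
        return perms;
    }

    // True if any granted permission implies the requested one.
    static boolean permitted(List<Permission> granted, String requested) {
        Permission wanted = new WildcardPermission(requested);
        for (Permission p : granted) {
            if (p.implies(wanted)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Role value exactly as posted, then an explicit one-permission-per-action form.
        String asPosted = "courses:delete,update,create:courseA";
        String explicit =
                "courses:delete:courseA, courses:update:courseA, courses:create:courseA";
        String[] checks = {
            "courses:create:courseA", "courses:update:courseA",
            "courses:delete:courseA", "courses:delete:courseB" // courseB is constructed
        };
        for (String line : new String[] {asPosted, explicit}) {
            List<Permission> granted = parseRoleLine(line);
            System.out.println(line + " -> " + granted);
            for (String check : checks) {
                System.out.println("  " + check + " permitted: " + permitted(granted, check));
            }
        }
    }
}
```

Under this split the posted value becomes three separate permissions, and the first piece, `courses:delete`, names no instance, so the `courseB` check shows whether a grant reaches beyond courseA.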
