Perhaps this code snippet will help you:
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import static org.junit.Assert.assertTrue;
import org.junit.Test;

/**
 *
 * @author lprimak
 */
public class ShiroTest
{
    // JUnit 4 only runs @Test methods that are public
    @Test
    public void subjectPermission()
    {
        // Take the first realm configured on the application's SecurityManager
        DefaultSecurityManager sm =
                (DefaultSecurityManager)SecurityUtils.getSecurityManager();
        AuthorizingRealm realm =
                (AuthorizingRealm)sm.getRealms().iterator().next();
        // Principals for the user to check, tied to that realm's name
        PrincipalCollection pr = new SimplePrincipalCollection(new Object(),
                realm.getName());
        // Ask the realm directly; no Subject is built for the check
        assertTrue(realm.isPermitted(pr, new
                WildcardPermission("printer:laserjet:*")));
    }
}

> On Apr 27, 2016, at 4:04 AM, malbinola <[email protected]> wrote:
>
> Hi,
> I'm using Shiro 1.2.4 in my webapp and I need to check permissions against a
> subject (using isPermitted) that does not match the current one available
> through the SecurityUtils.getSubject() method.
>
> I defined the following method:
>
> public static Subject buildSubject(String userId) {
>     Principal principal = new Principal(userId);
>     PrincipalCollection principals =
>             new SimplePrincipalCollection(principal, "MyRealmName");
>     return new Subject.Builder().principals(principals).buildSubject();
> }
>
> This method is able to return a Subject on-the-fly related to an arbitrary
> userId (e.g. "name@domain").
> The method works, but after digging into server logs I noticed that the
> builder creates a new Session each time I call that method.
> Why? I do not need a new session, I only want to check a permission.
>
> I tried to change my code in this way:
> return new
> Subject.Builder().sessionCreationEnabled(false).principals(principals).buildSubject();
>
> but I always get a DisabledSessionException with the following message:
> "Session creation has been disabled for the current subject. This exception
> indicates that there is either a programming error (using a session when it
> should never be used) or that Shiro's configuration needs to be adjusted to
> allow Sessions to be created for the current Subject. See the
> org.apache.shiro.subject.support.DisabledSessionException JavaDoc for more."
>
> Do you have any suggestions to achieve my needs?
> Thank you,
> Matteo
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Create-a-Subject-without-session-for-permission-check-only-tp7581034.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
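
Added example, not part of the original thread: the same permission check made through the Authorizer interface that Shiro's SecurityManager implements, which takes a PrincipalCollection directly so no Subject is built for it. DemoRealm, its permission table, the class and method names and the second user id are hypothetical; "name@domain" and "MyRealmName" are taken from the question.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class PermissionCheckWithoutSubject {

    /** Hypothetical realm with a constructed permission table. */
    static class DemoRealm extends AuthorizingRealm {
        DemoRealm() {
            setName("MyRealmName");
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            // Constructed rule: only this user may use the laserjet printer
            if ("name@domain".equals(principals.getPrimaryPrincipal())) {
                info.addStringPermission("printer:laserjet:*");
            }
            return info; // any other principal gets an empty permission set
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null; // this realm is used for authorization only
        }
    }

    /** Checks a permission for an arbitrary user id via the Authorizer API. */
    static boolean isPermitted(Authorizer authorizer, String userId, String permission) {
        PrincipalCollection principals =
                new SimplePrincipalCollection(userId, "MyRealmName");
        return authorizer.isPermitted(principals, permission);
    }

    public static void main(String[] args) {
        // In a webapp the Authorizer would be SecurityUtils.getSecurityManager()
        DefaultSecurityManager sm = new DefaultSecurityManager(new DemoRealm());
        System.out.println(isPermitted(sm, "name@domain", "printer:laserjet:print"));
        System.out.println(isPermitted(sm, "other@domain", "printer:laserjet:print"));
    }
}
```

The principal placed in the SimplePrincipalCollection must be of the type the realm's doGetAuthorizationInfo expects; here it is a plain String.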