This is a Shiro "feature" and the only solution to this is to use '\' to separate the mappings onto separate lines in the file so that it is at least maintainable. Use this technique for both group to roles mapping and role to permission mapping. If you use the '\' after the "," that separates the key:value pairs it is more readable.
N.B. you can't use a [roles] section because that triggers Shiro to use the simple "INI" realm and not your defined realm (in most cases you are going to use an LDAP realm in an enterprise environment and the "simple" realm in Shiro isn't much use beyond prototyping work).

David.

________________________________
From: David Tildesley <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Monday, 8 July 2013 8:32 PM
Subject: ISIS/Shiro security mappings.

I've been playing around with the role based permission mapping. I've noticed that you can have only one of these entries per realm:

realm.groupToRolesMappings = ...

and

realm.roleToPermissionsMappings = ...

Which forces you to put everything on one line for each of the above (is there some limit to the size of this line?) which makes it very difficult to maintain. If you repeat the entries above then it's "last one wins". Have I got this right? If so, could be an improvement to allow the mappings to spread over multiple entries?

i.e.

realm.roleToPermissionsMappings = ...
realm.roleToPermissionsMappings = ...
realm.roleToPermissionsMappings = ...
realm.roleToPermissionsMappings = ...
realm.roleToPermissionsMappings = ...

Regards,
David.
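
The layout described in the reply above, as an added example that is not part of either e-mail: the repeated-key form that loses entries, next to the single continued entry. The group, role and permission names are constructed placeholders, and `realm` is assumed to be defined earlier in `[main]` as your own realm.

```ini
# Added illustration. All group, role and permission names are constructed.
[main]
# Assumption: 'realm' has already been defined above as your own
# (for example LDAP-backed) realm. No [roles] section is used.

# Do NOT repeat the key. Per the thread it is "last one wins", so only the
# final line would take effect and the earlier mappings are silently lost:
#
#   realm.roleToPermissionsMappings = sales_role: perm_read_orders
#   realm.roleToPermissionsMappings = support_role: perm_read_tickets
#   realm.roleToPermissionsMappings = admin_role: perm_manage_users

# One logical entry per property, continued with '\' after each ','
# so that every key:value pair sits on its own physical line.
realm.groupToRolesMappings = sales_group: sales_role, \
support_group: support_role, \
admin_group: admin_role

realm.roleToPermissionsMappings = sales_role: perm_read_orders, \
support_role: perm_read_tickets, \
admin_role: perm_manage_users
```

Because a duplicated key fails silently, a review of this file should confirm that each mapping property appears exactly once and that the last pair of each entry has no trailing '\'.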
