Thanks for looking into this further, David. I'll add a page to our website to describe this "feature".
Cheers Dan On 8 July 2013 23:17, David Tildesley <[email protected]> wrote: > This is a Shiro "feature" and the only solution to this is to use '\' to > separate the mappings onto separate lines in the file so that it is at > least maintainable. Use this technique for both group to roles mapping and > role to permission mapping. If you use the '\' after the "," that separates > the key:value pairs it is more readable. > > N.B. you can't use a [roles] section because that triggers Shiro to use > the simple "INI" realm and not your defined realm (in most cases you are > going to use an LDAP realm in an enterprise environment and the "simple" > realm in Shiro isn't much use beyond prototyping work). > > David. > > > > ________________________________ > From: David Tildesley <[email protected]> > To: "[email protected]" <[email protected]> > Sent: Monday, 8 July 2013 8:32 PM > Subject: ISIS/Shiro security mappings. > > > > > I've been playing around with the role based permission mapping. > > I've noticed that you can have only one of these entries per realm: > > > realm.groupToRolesMappings = ... > > and > > realm.roleToPermissionsMappings = ... > > Which forces you to put everything on one line for each of the above (is > there some limit to the size of this line?) which makes it very difficult > to maintain. > > If you repeat the entries above then it's "last one wins". > > Have I got this right? > > If so, could be an improvement to allow the mappings to spread over > multiple entries? > > i.e. > > > realm.roleToPermissionsMappings = ... > realm.roleToPermissionsMappings = ... > realm.roleToPermissionsMappings = ... > realm.roleToPermissionsMappings = ... > realm.roleToPermissionsMappings = ... > > Regards, > David. >
