[ https://issues.apache.org/jira/browse/SHIRO-314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13068654#comment-13068654 ]
Maria Jurcovicova commented on SHIRO-314:
-----------------------------------------
I started with a grammar and would like to get some feedback on it. Demo
proof-of-concept parser is in the GrammarDemoProofOfConcept.rar attachment.
The grammar has four operators:
* and &&
* or ||
* not !
* parentheses ( )
and two built-in functions:
* role,
* permission.
Example:
@Secured("permission('account:1 0:test') && (permission('print paper') || !role('role'))")
--------------- Escaping:
Theoretically, the symbol ' might be used in a role or permission name. To escape
it, use /.
Example:
@Secured("permission('some role with /' symbol')")
@Secured("role('some role with // symbol')")
The symbol \ is more standard, but that one has to be escaped in Java. E.g. the
user would have to write
role('name with \\' in it') instead of role('name with /' in it') to get
"name with ' in it"
role('name with \\\\ in it') instead of role('name with // in it') to get
"name with \ in it" or "name with / in it"
--------------- Shortcut 1:
As expressions might get too long, both the role and permission functions take n
parameters:
* role(role_1, role_2, ..., role_n),
* permission(permission_1, permission_2, ..., permission_n).
The role function returns true if the currently logged-in user has all specified roles.
The permission function returns true if the currently logged-in user has all specified
permissions.
Example:
@Secured("role('traveling sales', 'employee')")
is equivalent to
@Secured("role('traveling sales') && role('employee')")
@Secured("permission('account:1', 'print')")
is equivalent to
@Secured("permission('account:1') && permission('print')")
--------------- Shortcut 2:
I assume that roles are used more often. If neither role nor permission
function is specified, role is assumed.
Example:
@Secured("'traveling sales' && 'employee' || 'some role'")
is equivalent to
@Secured("role('traveling sales') && role('employee') || role('some role')")
> Authorization ANTLR Grammar
> ---------------------------
>
> Key: SHIRO-314
> URL: https://issues.apache.org/jira/browse/SHIRO-314
> Project: Shiro
> Issue Type: New Feature
> Components: Authorization (access control)
> Reporter: Maria Jurcovicova
> Attachments: GrammarDemoProofOfConcept.rar
>
>
> Create a single annotation that would translate the expression into the
> relevant hasRole/isPermitted calls.
> Details are on wiki
> https://cwiki.apache.org/confluence/display/SHIRO/Version+2+Brainstorming#Version2Brainstorming-AuthorizationANTLRGrammar
> .
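The grammar described in the comment above, as an added example that is not part of the original comment or of Shiro: a small recursive-descent evaluator covering the four operators, both functions, the / escaping and both shortcuts, which rejects a malformed expression instead of guessing at it. Assumptions: Python as a neutral sketch language, the names check and TOKEN, plain sets standing in for the subject's roles and permissions, and the precedence ! then && then ||, which the comment does not state.

```python
import re

# Added illustration, not Shiro code; check() and its helpers are hypothetical names.
# Assumed precedence (the comment states none): ! binds tightest, then &&, then ||.
TOKEN = re.compile(r"\s*(?:(&&|\|\||[!(),]|role\b|permission\b)|'((?:/['/]|[^'/])*)')")

def check(expr, roles, perms):
    """True if the subject's roles/perms satisfy expr; ValueError on any syntax error."""
    if TOKEN.sub("", expr).strip():              # leftover text is not a token: fail closed
        raise ValueError("unrecognised input in expression")
    # A quoted name becomes ("name", text) with the escapes /' -> ' and // -> / resolved;
    # any other use of / inside a name is rejected above (an assumption of this sketch).
    toks = [op or ("name", re.sub(r"/(.)", r"\1", text)) for op, text in TOKEN.findall(expr)]

    def eat(tok):                                # consume tok if it is next
        return toks.pop(0) if toks and toks[0] == tok else None
    def need(tok):
        if not eat(tok):
            raise ValueError(f"expected {tok}")
    def name():
        if not toks or not isinstance(toks[0], tuple):
            raise ValueError("expected a quoted name")
        return toks.pop(0)[1]
    def chain(op, operand, fold):                # operand (op operand)*, every operand parsed
        values = [operand()]
        while eat(op):
            values.append(operand())
        return fold(values)
    def held_all(held):                          # shortcut 1: every argument must be held
        need("(")
        ok = chain(",", lambda: name() in held, all)
        need(")")
        return ok
    def unary():
        if eat("!"):
            return not unary()
        if eat("("):
            value = expression()
            need(")")
            return value
        if eat("permission"):
            return held_all(perms)
        return held_all(roles) if eat("role") else name() in roles   # shortcut 2: bare name
    def expression():                            # || over && over unary
        return chain("||", lambda: chain("&&", unary, all), any)

    result = expression()
    if toks:
        raise ValueError("unexpected trailing input")
    return result
```

Raising on every unparsable rule means a typo in an annotation surfaces as an error rather than as an access decision.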