[jira] Updated: (SHIRO-101) Comma in role in the properties file is not read correctly by the PropertyRealm

Mon, 07 Dec 2009 09:27:42 -0800 

     [ 
https://issues.apache.org/jira/browse/SHIRO-101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Les Hazlewood updated SHIRO-101:
--------------------------------

    Affects Version/s:     (was: Incubation)
                       0.9
                       0.9-RC1
        Fix Version/s:     (was: Incubation)
                       1.0

> Comma in role in the properties file is not read correctly by the 
> PropertyRealm
> -------------------------------------------------------------------------------
>
>                 Key: SHIRO-101
>                 URL: https://issues.apache.org/jira/browse/SHIRO-101
>             Project: Shiro
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 0.9-RC1, 0.9
>         Environment: Ubuntu 8.10, eclipse Galileo
>            Reporter: Moataz Elmasry
>             Fix For: 1.0
>
>         Attachments: shirobug.zip
>
>
> I had the following the property file.
> user.luke=luke,Pilot
> role.Pilot=xWing:fly:xxx,yyy
> Now supposdly subject.isPermitted("xWing:fly:xxx") and 
> Subject.isPermitted("xWing:fly:yyy") should both return true. this is not the 
> case, since the first returns true and the second false. Now lets exchange 
> the last term as follows: role.Pilot=xWing:fly:yyy,xxx. and make the same 
> calls again. Now we see the forst returns false and the second returns true. 
> So now we know that only the first token before the comma is read.
> Looking into shiro code in 
> org.apache.shiro.util.PermissionUtils.toPermissionStrings() which calls in 
> turn StringUtils.split(permissionString). This function splits the string 
> around the comma. So from role.Pilot=xWing:fly:xxx,yyy we get two string: 
> xWing:fly:xxx  and yyy. To prove this theory I called 
> Subject.isPermitted("yyy") which returned true.
> My suggestion would be not to call PermissionUtils at all, since its being 
> called from WildcardPermission which in turn splits the String using * then 
> the comma afterwards. So it makes no sense splitting the string with the 
> comma two times, since the second time there would be nothing to split anyway.
> Best regards and thanks for your efforts

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to