[jira] Resolved: (SHIRO-101) Comma in role in the properties file is not read correctly by the PropertyRealm

[Les Hazlewood (JIRA)]

     [ 
https://issues.apache.org/jira/browse/SHIRO-101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Les Hazlewood resolved SHIRO-101.
---------------------------------

    Resolution: Not A Problem

Because permissions are comma delimited in the .ini and .properties files, if a 
permission definition itself has commas (as in your example), you must quote 
the permission definition.

For example:

role.test = printer:print:lp7200, "user:create,delete"



> Comma in role in the properties file is not read correctly by the 
> PropertyRealm
> -------------------------------------------------------------------------------
>
>                 Key: SHIRO-101
>                 URL: https://issues.apache.org/jira/browse/SHIRO-101
>             Project: Shiro
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 0.9-RC1, 0.9
>         Environment: Ubuntu 8.10, eclipse Galileo
>            Reporter: Moataz Elmasry
>             Fix For: 1.0
>
>         Attachments: shirobug.zip
>
>
> I had the following the property file.
> user.luke=luke,Pilot
> role.Pilot=xWing:fly:xxx,yyy
> Now supposdly subject.isPermitted("xWing:fly:xxx") and 
> Subject.isPermitted("xWing:fly:yyy") should both return true. this is not the 
> case, since the first returns true and the second false. Now lets exchange 
> the last term as follows: role.Pilot=xWing:fly:yyy,xxx. and make the same 
> calls again. Now we see the forst returns false and the second returns true. 
> So now we know that only the first token before the comma is read.
> Looking into shiro code in 
> org.apache.shiro.util.PermissionUtils.toPermissionStrings() which calls in 
> turn StringUtils.split(permissionString). This function splits the string 
> around the comma. So from role.Pilot=xWing:fly:xxx,yyy we get two string: 
> xWing:fly:xxx  and yyy. To prove this theory I called 
> Subject.isPermitted("yyy") which returned true.
> My suggestion would be not to call PermissionUtils at all, since its being 
> called from WildcardPermission which in turn splits the String using * then 
> the comma afterwards. So it makes no sense splitting the string with the 
> comma two times, since the second time there would be nothing to split anyway.
> Best regards and thanks for your efforts

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.