Hi Moataz,
You can support groups and hierarchical groups in your data model, but this
would be unknown to Shiro - Shiro does not utilize the concept of a Group at
the moment. The PropertiesRealm does not support the concept of Groups at
all.
If you want to do this, you would need to perform any related checks
yourself in your own Realm class/subclass. For example, take just one of
the Realm calls, like isPermitted(p):
MyRealm#isPermitted(PrincipalCollection principals, Permission p) {
User user = getUser(principals);
if (user.isPermitted(p) ) {
return true;
}
//not assigned directly to the user, so check their roles:
Collection<Role> roles = user.getRoles();
for( Role r : roles ) {
if (r.isPermitted(p) ) {
return true;
}
}
//not assigned to any of their roles, so check their groups:
//if groups are hierarchical, you might have to change this
//logic, or have the Group delegate to parent groups when
//performing the check:
Collection<Group> groups = user.getGroups();
for( Group g : groups ) {
if ( g.isPermitted(p) ) {
return true;
}
}
//fallback:
return false;
}
On Tue, Jul 14, 2009 at 4:58 AM, Moataz Elmasry <
[email protected]> wrote:
>
>
> ---------- Forwarded message ----------
> From: Moataz Elmasry <[email protected]>
> Date: 2009/7/13
> Subject: Privilages inheritance in groups
> To: [email protected]
>
>
> Hello List
>
> Is it possible that a group inherits the rights of another group. For
> example in the Properties realm something like that
> role.group1=swim,run
> role.group2=group1,fly #group2 can swim,run and fly
>
> Best regards
> Moataz
>
>
