Hi Korbinian,

Can you please create a Jira issue for this if you haven't already?

Thanks,

Les

On Thu, Dec 16, 2010 at 5:50 AM, Korbinian Bachl - privat <[email protected]> wrote:
> Hello,
>
> I don't know if this is a bug or an intended impl. of AuthorizingRealm, but
> whenever I used permissions I always ended up:
>
> java.lang.NullPointerException
>     at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:452)
>     at org.apache.shiro.authz.ModularRealmAuthorizer.isPermitted(ModularRealmAuthorizer.java:222)
>     at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:320)
>     ....
>
> while Roles work fine and as expected. My
> SSAuthorizingRealm.doGetAuthorizationMethod is based upon JDBCRealm
>
>     @Override
>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
>         //null usernames are invalid
>         if (principals == null) {
>             throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
>         }
>
>         String username = (String) getAvailablePrincipal(principals);
>
>         Set<String> roleNames = new LinkedHashSet<String>();
>         Set<String> permissions = new LinkedHashSet<String>();
>         SystemUser user = getBean().getSystemUser(username);
>
>         if (user == null) {
>             SecurityUtils.getSubject().logout();
>             throw new AuthorizationException("Unknown Account!");
>         }
>
>         for (SystemUserRoles r : bean.getRolesForUser(user.getId())) {
>             roleNames.add(r.getRole());
>         }
>
>         for (SystemUserPermissons p : bean.getPermissionsForUser(user.getId())) {
>             permissions.add(p.getPermission());
>         }
>
>         SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
>         info.setStringPermissions(permissions);
>         return info;
>     }
>
> which looked fine.
>
> Whenever a permission is checked, the above code works and returns 0 - many
> roles (based upon user); But line
>
>     Permission p = getPermissionResolver().resolvePermission(permission);
>
> in AuthorizingRealm fails with NPE;
>
> After digging around I found out that there is no check in the JDBCRealm and
> more importantly in the Authorization if a permissionResolver is set. I made
> my Realm working by catching a
>
>     if(getPermissionResolver() == null) {
>         setPermissionResolver(new WildcardPermissionResolver());
>     }
>
> in the doGetAuthorizationInfo method but maybe this should be addressed
> directly in the AuthorizationRealm?
>
> Best,
>
> Korbinian
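
The workaround described in the quoted message, applied once in the realm's constructor instead of inside doGetAuthorizationInfo, so the resolver is in place before the first permission check. This is an added example, not code from the thread or from Shiro itself; the class name ResolverSafeRealm, the principal "alice" and the in-memory permission strings are constructed for illustration, and it assumes Apache Shiro is on the classpath.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.WildcardPermissionResolver;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

// Hypothetical realm: the in-memory permission set stands in for the
// database lookups done in the quoted doGetAuthorizationInfo.
public class ResolverSafeRealm extends AuthorizingRealm {

    public ResolverSafeRealm() {
        // Configure the resolver once, at construction, so that
        // isPermitted(principals, String) never dereferences a null resolver.
        if (getPermissionResolver() == null) {
            setPermissionResolver(new WildcardPermissionResolver());
        }
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Constructed sample permissions in Shiro's wildcard syntax.
        info.setStringPermissions(new LinkedHashSet<String>(
                Arrays.asList("document:read", "report:*")));
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null; // authentication is out of scope for this example
    }

    public static void main(String[] args) {
        ResolverSafeRealm realm = new ResolverSafeRealm();
        PrincipalCollection who = new SimplePrincipalCollection("alice", realm.getName());
        // Exact match, wildcard match, and a permission that was never granted.
        for (String p : new String[] {"document:read", "report:export", "document:delete"}) {
            System.out.println(p + " -> " + realm.isPermitted(who, p));
        }
    }
}
```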
