Re: Multiple realms and roles

Fri, 18 Mar 2011 13:48:12 -0700 

I have extended and hacked WildcardPermission so that my custom permissions are 
resolved when the user specifies WildcardPermissions.  I feel that the 
inability to interact with WildcardPermission is a deficiency in Shiro.  

Here's my hack - I extend this and pass those permissions to "checkPermission". 
 I've no idea if this is the best way to go about this.  Feel free to use the 
code:

/**
 * Extension of WildcardPermission that allows programmatic building of the 
permission without appending strings together.
 */
public class BuildableWildcardPermission extends WildcardPermission
{

        private boolean caseSensitive;

        public BuildableWildcardPermission(String wildcardString, boolean 
caseSensitive)
        {
                super(wildcardString, caseSensitive);
                this.caseSensitive = caseSensitive;
        }

        public BuildableWildcardPermission(String wildcardString)
        {
                this(wildcardString, false);
        }

        /**
         * Make sure they're all lowercase (if need be).
         * 
         * @param parts
         */
        public void addPart(Set<String> parts)
        {
                if (!caseSensitive)
                {
                        Set<String> newParts = new HashSet<String>();
                        CollectionUtils.collect(parts, new Transformer<String, 
String>() {
                                @Override
                                public String transform(String s)
                                {
                                        return s == null ? null : 
s.toLowerCase();
                                }
                        }, newParts);
                        parts = newParts;
                }
                this.getParts().add(parts);
        }

        public void addPart(String part)
        {
                this.addPart(Collections.singleton(part));
        }
}


On 03/18/2011 03:36 PM, Philippe Laflamme wrote:
> Right, that makes sense.
> 
> I've just tried this and it would work only if I didn't have this other
> particularity in my setup! Bear with me this is not a simple case...
> 
> I have 2 realms. One is an IniRealm and another, CustomRealm. The IniRealm
> resolves WildcardPermissions and CustomRealm resolves SpatialPermissions.
> 
> I have a RolePermissionResolver set on both (through the
> ModularRealmAuthorizer). Since the RolePermissionResolver resolves
> Permission instances, it resolves to SpatialPermission instances for both.
> 
> This results in:
> * the IniRealm compares WildcardPersmission with SpatialPermission (one
> never implies the other)
> * the CustomRealm doesn't see the IniRealm roles, so it can't resolve any
> SpatialPermission
> 
> The end goal was to test SpatialPermissions within the CustomRealm: the ones
> for the user's roles with the ones obtained by parsing the permission
> strings to test...
> 
> It's clear that I need the later case: roles need to be available in my
> CustomRealm to encapsulate everything in there.
> 
> Any idea how I can go around this "limitation" and still keep extensibility
> (users can define there own authentication realms)?
> 
> Thanks,
> Philippe
> 
> --
> View this message in context: 
> http://shiro-user.582556.n2.nabble.com/Multiple-realms-and-roles-tp6178792p6186098.html
> Sent from the Shiro User mailing list archive at Nabble.com.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to