Hi all,
I've created a custom realm that extends AuthorizingRealm. It gets the
authentication/authorization info from a database using JPA. I've overridden
three methods:
- onInit() to initialize the JPA entity manager
- doGetAuthenticationInfo
- doGetAuthorizationInfo
Everything seems to be working correctly in terms of logging in and out. But
I can't seem to get wildcard permissions to work.
In doGetAuthorizationInfo() I create a string of permissions from the
database and set them as string permissions on a SimpleAuthorizationInfo:
    ...
    if (user != null) {
        Set<String> perms = new HashSet<String>();
        for (MDUserPermissionOrganization upo : user.getPermissions()) {
            perms.add(upo.getOrganization().getId() + ":" +
                      upo.getPermission().getName());
        }
        if (!perms.isEmpty()) {
            rc = new SimpleAuthorizationInfo();
            rc.setStringPermissions(perms);
        }
    }
    return rc;
So the permissions look like:
<org-id>:<permissions>
For example:
aec81cf7-5c19-4fb5-8f79-4312195eda2f:create
aec81cf7-5c19-4fb5-8f79-4312195eda2f:update
Now I've tried to use those permissions in two places:
(1) In the shiro.ini file:
[urls]
/Login.action = authc
/manager/Organization.action = authc, perms["*:create"]
(2) In the JSP file using Shiro tags:
<shiro:hasPermission name="*:create">
...some link...
</shiro:hasPermission>
In both cases, even though the user has a matching permission, the
permission check fails.
However, if I change the permission string in the ini file or JSP tag to be
explicit:
aec81cf7-5c19-4fb5-8f79-4312195eda2f:create
It works as expected.
I've checked the type of PermissionResolver being returned by my realm. The
docs say "All Shiro Realm implementations default to an internal
WildcardPermissionResolver" and if I call:
getPermissionResolver().getClass().getName() in my realm's onInit() method
it is, in fact, a WildcardPermissionResolver.
So I'm a little stumped.
Here's my complete ini file in case it helps:
[main]
# Custom realm that supports JPA
authcRealm = com.mystuff.MDAuthorizingRealm
# Pass in the persistence unit name to the realm
authcRealm.persistenceUnitName = PersistenceUnitName
authc.loginUrl = /Login.action
authc.successUrl = /manager/Home.action
[urls]
/Login.action = authc
/manager/Organization.action = authc, perms["*:create"]
/manager/** = authc
Any help you can provide would be greatly appreciated.
Thanks,
-Mike
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Wildcard-permissions-not-working-tp7181015p7181015.html
Sent from the Shiro User mailing list archive at Nabble.com.
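
Added example, not part of the original post or of Shiro's own code: a small Java program (it needs shiro-core on the classpath) that runs the permission strings from the message through `WildcardPermission.implies`. Shiro asks whether a granted permission implies the required one, so `*` acts as a wildcard only on the granted side. The class name and the helpers `isPermitted` and `hasActionInAnyOrg` are hypothetical.

```java
import java.util.Arrays;
import java.util.List;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

public class WildcardDirectionDemo {

    // Hypothetical helper: simplified model of the realm's check. A request
    // passes if any granted permission implies the required permission.
    static boolean isPermitted(List<String> granted, String required) {
        Permission needed = new WildcardPermission(required);
        for (String g : granted) {
            if (new WildcardPermission(g).implies(needed)) {
                return true;
            }
        }
        return false;
    }

    // Hypothetical helper: "does the user hold <action> in any organization?"
    // Assumes the two-part <org-id>:<permission> format used in the post.
    static boolean hasActionInAnyOrg(List<String> granted, String action) {
        for (String g : granted) {
            String[] parts = g.split(":");
            if (parts.length != 2) {
                continue; // not in the assumed format; ignore rather than guess
            }
            List<String> actions = Arrays.asList(parts[1].split(","));
            if (actions.contains(action) || actions.contains("*")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String org = "aec81cf7-5c19-4fb5-8f79-4312195eda2f"; // org id from the post
        List<String> granted = Arrays.asList(org + ":create", org + ":update");

        // Wildcard on the required side, as in perms["*:create"].
        System.out.println("required *:create     -> " + isPermitted(granted, "*:create"));
        // Explicit organization id on the required side.
        System.out.println("required <org>:create -> " + isPermitted(granted, org + ":create"));
        // Wildcard on the granted side instead.
        System.out.println("granted *:create      -> "
                + isPermitted(Arrays.asList("*:create"), org + ":create"));
        // Organization-agnostic check done in application code.
        System.out.println("create in any org     -> " + hasActionInAnyOrg(granted, "create"));
    }
}
```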