Thanks for the help Jared!

Here is what I am using in case anyone else would like the code; it is a very trivial modification.

================
package net.dupage88.usercentral.shiro.filter;

import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

public class AnyRoleFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException
    {
        Subject subject = getSubject(request, response);
        String[] rolesArray = (String[]) mappedValue;

        if (rolesArray == null || rolesArray.length == 0) {
            return true;
        }

        Set<String> roles = CollectionUtils.asSet(rolesArray);
        if ( roles != null )
        {
            for( String role : roles )
            {
                if ( role == null || role.trim().length() == 0)
                {
                    continue;
                }

                if ( subject.hasRole(role.trim()))
                {
                    return true;
                }
            }
        }
        return false;
    }
}
===================================


On 10/01/2012 11:50 AM, Jared Bunting wrote:
Unfortunately, Shiro does not currently support this out of the box. So,
you will need to write your own filter.

Fortunately, the filter is fairly simple to write. Simply copying the
RolesAuthorizationFilter and modifying it slightly we get something like
this:

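import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

public class AnyRoleAuthorizationFilter extends AuthorizationFilter {

    @SuppressWarnings({"unchecked"})
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {

        Subject subject = getSubject(request, response);
        String[] rolesArray = (String[]) mappedValue;

        if (rolesArray == null || rolesArray.length == 0) {
            //no roles specified, so nothing to check - allow access.
            return true;
        }

        Set<String> roles = CollectionUtils.asSet(rolesArray);
        // allow access as soon as the subject holds any one of the configured roles
        for (String role : roles) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        return false;
    }
}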


To include this in your shiro.ini:

[main]
...
anyRole = com.example.AnyRoleAuthorizationFilter

[urls]
/protected/** = ssl,authc,anyRole["net.dupage88.role.staff,net.dupage88.role.student"]

Hope that helps,
Jared

On Mon 01 Oct 2012 11:09:27 AM CDT, Charles Syperski wrote:
I have a URL that I am attempting to configure like this:

/protected/** = ssl,authc,roles["net.dupage88.role.staff,net.dupage88.role.student"]

This currently requires membership of both net.dupage88.role.staff and
net.dupage88.role.student.

What I want to do is allow access if the user is authc and has the
role net.dupage88.role.staff OR net.dupage88.role.student, is this
possible? The groups are mutually exclusive, so they will be a member
of just one of the two. If so, how do I set it up in the ini?

So logically I want (ssl && authc && ( net.dupage88.role.staff ||
net.dupage88.role.student ) )

If it isn't possible, do I need to create my own filter for this? I
would like to avoid this because it is less flexible, but if that is
what I need, please let me know.

Thanks for the awesome framework and any help you can provide.

Thanks,
Chuck
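
Added example (not part of the original thread, and not Shiro code): the all-of check the question describes for roles[...], the any-of check from the filters above, and what each any-of variant does when the role list is empty. The class and method names are hypothetical, role membership is modelled as a plain Set<String> instead of a Shiro Subject, and the fail-closed variant is an assumption about what a stricter deployment might want.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;

// Added illustration: class and method names are hypothetical, not Shiro API.
public class AnyRoleDecisionDemo {

    // All-of check: the behaviour the question reports for roles[...].
    static boolean allRoles(String[] configured, Set<String> held) {
        return held.containsAll(Arrays.asList(configured));
    }

    // Any-of check as in the AnyRoleFilter above: an empty list allows access.
    static boolean anyRolePermissive(String[] configured, Set<String> held) {
        if (configured == null || configured.length == 0) {
            return true;
        }
        return matchesAny(configured, held);
    }

    // Fail-closed variant (an assumption, not from the thread): empty list denies.
    static boolean anyRoleStrict(String[] configured, Set<String> held) {
        return configured != null && matchesAny(configured, held);
    }

    // True when at least one non-blank configured role is held.
    private static boolean matchesAny(String[] configured, Set<String> held) {
        for (String role : configured) {
            if (role != null && !role.trim().isEmpty() && held.contains(role.trim())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String[] rule = {"net.dupage88.role.staff", "net.dupage88.role.student"};
        // Constructed sample subjects: one holds only the staff role, one holds none.
        Set<String> staff = Collections.singleton("net.dupage88.role.staff");
        Set<String> none = Collections.emptySet();

        System.out.println("all-of, staff only:     " + allRoles(rule, staff));
        System.out.println("any-of, staff only:     " + anyRolePermissive(rule, staff));
        System.out.println("any-of, no roles:       " + anyRolePermissive(rule, none));
        System.out.println("empty rule, permissive: " + anyRolePermissive(new String[0], none));
        System.out.println("empty rule, strict:     " + anyRoleStrict(new String[0], none));
    }
}
```

With the permissive form, a URL line that names the filter without any roles is not restricted by role at all, so the fail-closed form is the safer default when the role list comes from configuration that may be edited later.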

