Hi Ranganath,
I can't reproduce this issue; Shiro permissions seem to work as expected
for me.
What I did to check is as follows:
Using the todo app, I updated realm1.ini and realm2.ini (in
webapp/src/main/resources):
self-install_role = *:ToDoItemsFixturesService:installFixtures:*,\
*:ToDoItemsFixturesService:testPerms:*,\
BBY:0541
In ToDoItemsFixtureService, I added this action:
@MemberOrder(sequence = "1")
public Boolean testPerms(@Named("Permissions") final String permission)
{
return SecurityUtils.getSubject().isPermitted(permission);
}
I logged in as joe/pass (who has the self-install_role), and invoked the
action:
* if I enter "BBY:0541", it returns true
* if I enter "BBY:011", it returns false.
~~~
If you can provide a test case project on github that demonstrates the
problem, then I'll look again. But I suspect the issue is a
misconfiguration in your Shiro files. If you want to post them here, we
can try to figure out the issue for you.
Cheers
Dan
On Monday, 5 May 2014, <chittari.va...@wipro.com> wrote:
> Hi,
>
> I want to use Apache-Shiro API methods in my code for some permissions
> check. But permission check is not working in ISIS-Shiro environment as it
> is based on class-based secyrity mechanism.
>
>
> For ex:
>
> in shiroo.ini - I gave permission as below:
> site_role = BBY:0541
>
> In the code subject.isPermitted("BBY:011") also returning true.
>
> In non-ISIS environment, this security checking is working fine.
>
> Please help how to solve this issue.
>
> BR
> Ranganath Varma
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you are
> not the intended recipient, you should not disseminate, distribute or copy
> this e-mail. Please notify the sender immediately and destroy all copies of
> this message and any attachments.
>
> WARNING: Computer viruses can be transmitted via email. The recipient
> should check this email and any attachments for the presence of viruses.
> The company accepts no liability for any damage caused by any virus
> transmitted by this email.
>
> www.wipro.com
>
