Hi Ranganath, I can't reproduce this issue; Shiro permissions seem to work as expected for me.
What I did to check is as follows: Using the todo app, I updated realm1.ini and realm2.ini (in webapp/src/main/resources): self-install_role = *:ToDoItemsFixturesService:installFixtures:*,\ *:ToDoItemsFixturesService:testPerms:*,\ BBY:0541 In ToDoItemsFixtureService, I added this action: @MemberOrder(sequence = "1") public Boolean testPerms(@Named("Permissions") final String permission) { return SecurityUtils.getSubject().isPermitted(permission); } I logged in as joe/pass (who has the self-install_role), and invoked the action: * if I enter "BBY:0541", it returns true * if I enter "BBY:011", it returns false. ~~~ If you can provide a test case project on github that demonstrates the problem, then I'll look again. But I suspect the issue is a misconfiguration in your Shiro files. If you want to post them here, we can try to figure out the issue for you. Cheers Dan On Monday, 5 May 2014, <chittari.va...@wipro.com> wrote: > Hi, > > I want to use Apache-Shiro API methods in my code for some permissions > check. But permission check is not working in ISIS-Shiro environment as it > is based on class-based secyrity mechanism. > > > For ex: > > in shiroo.ini - I gave permission as below: > site_role = BBY:0541 > > In the code subject.isPermitted("BBY:011") also returning true. > > In non-ISIS environment, this security checking is working fine. > > Please help how to solve this issue. > > BR > Ranganath Varma > The information contained in this electronic message and any attachments > to this message are intended for the exclusive use of the addressee(s) and > may contain proprietary, confidential or privileged information. If you are > not the intended recipient, you should not disseminate, distribute or copy > this e-mail. Please notify the sender immediately and destroy all copies of > this message and any attachments. > > WARNING: Computer viruses can be transmitted via email. The recipient > should check this email and any attachments for the presence of viruses. > The company accepts no liability for any damage caused by any virus > transmitted by this email. > > www.wipro.com >