[CAUSEWAY-840] "Permission groups" for IsisPermission (custom security string for Shiro) not working as advertised. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: core-1.5.0
Fix Version/s: core-1.6.0
Component/s: Security Shiro
Labels:
None

Description

Per docs [1]

user_role = !reg/org.estatio.api,\
!reg/org.estatio.webapp.services.admin,\
reg/* ;
admin_role = adm/*

then a user with both user_role and admin_role should have access to everything, because the two vetos in the "reg" group do not veto the permission provided in the "adm" group.

~~~
Tracking this down showed the issue to be a reliance on equals() implementation in IsisPermission.

[1] http://isis.apache.org/components/security/shiro/format-of-permissions.html

Attachments

Activity

People

Assignee:: Daniel Keir Haywood

Reporter:: Daniel Keir Haywood

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Jul/14 12:31

Updated:: 28/Jul/14 13:35

Resolved:: 18/Jul/14 05:26