Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
security-shiro-1.3.0
-
None
Description
as per http://markmail.org/thread/3diasqoulbujpeom
The problem turns out to be a missing "!" in the ShiroAuthenticatorOrAuthorizor.
final Collection<Realm> realms = securityManager.getRealms();
for (final Realm realm : realms) {
- if(realm.supports(token))
Unknown macro: {+ if(!realm.supports(token)) { continue; } ... }
with this fix, and with shiro.ini as configured per [1] pointing at realms [2] and [3], then the following code:
for (RoleMemento rm:container.getUser().getRoles()) {
LOG.info("ROLE: "+rm.getName());
}
for 'sven' logs:
21:46:10,279 [ToDoItem 2125139315@qtp-71626409-4 INFO ] ROLE: realm1:admin_role
21:46:10,279 [ToDoItem 2125139315@qtp-71626409-4 INFO ] ROLE: org.apache.isis.viewer.wicket.roles.USER
while for 'dick' logs:
21:51:07,062 [ToDoItem 503033028@qtp-71626409-0 INFO ] ROLE: realm1:user_role
21:51:07,062 [ToDoItem 503033028@qtp-71626409-0 INFO ] ROLE: realm1:self-install_role
21:51:07,062 [ToDoItem 503033028@qtp-71626409-0 INFO ] ROLE: realm1:analysis_role
21:51:07,062 [ToDoItem 503033028@qtp-71626409-0 INFO ] ROLE: org.apache.isis.viewer.wicket.roles.USER
[1] https://github.com/apache/isis/blob/ad16b962928715e343369b00d8a42cd12c9bd79b/example/application/quickstart_wicket_restful_jdo/webapp/src/main/webapp/WEB-INF/shiro.ini#L73
[2] https://github.com/apache/isis/blob/ad16b962928715e343369b00d8a42cd12c9bd79b/example/application/quickstart_wicket_restful_jdo/webapp/src/main/resources/webapp/realm1.ini
[3] https://github.com/apache/isis/blob/ad16b962928715e343369b00d8a42cd12c9bd79b/example/application/quickstart_wicket_restful_jdo/webapp/src/main/resources/webapp/realm2.ini