Isis / ISIS-840

"Permission groups" for IsisPermission (custom security string for Shiro) not working as advertised.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: core-1.5.0
    • Fix Version/s: core-1.6.0
    • Component/s: Core: Security: Shiro
    • Labels:
      None

      Description

      Per docs [1]

      user_role = !reg/org.estatio.api,\
      !reg/org.estatio.webapp.services.admin,\
      reg/* ;
      admin_role = adm/*

      then a user with both user_role and admin_role should have access to everything, because the two vetoes in the "reg" group do not veto the permission provided in the "adm" group.

      ~~~
      Tracking this down showed the issue to be a reliance on equals() implementation in IsisPermission.

      [1] http://isis.apache.org/components/security/shiro/format-of-permissions.html
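
The group-scoped veto behaviour the description expects, as an added example (not code from the Isis code base): it parses the `[!]group/pattern` entries shown above and grants access when at least one group has a matching grant and no matching veto. The class and method names are hypothetical, the colon-separated wildcard matching is a simplified stand-in for Shiro's own, and the requested permission string is a constructed sample.

```java
import java.util.*;

public class PermissionGroupsDemo {
    // One parsed entry of the form "[!]group/pattern", e.g. "!reg/org.estatio.api".
    record Entry(boolean veto, String group, String pattern) {
        static Entry parse(String s) {
            s = s.trim();
            boolean veto = s.startsWith("!");
            if (veto) s = s.substring(1);
            int slash = s.indexOf('/');
            if (slash < 1) throw new IllegalArgumentException("expected [!]group/pattern: " + s);
            return new Entry(veto, s.substring(0, slash), s.substring(slash + 1));
        }
        // Simplified stand-in for Shiro wildcard matching (an assumption of this example):
        // colon-separated parts, "*" matches any part, a shorter pattern implies the rest.
        boolean matches(String requested) {
            String[] p = pattern.split(":"), r = requested.split(":");
            if (p.length > r.length) return false;
            for (int i = 0; i < p.length; i++)
                if (!p[i].equals("*") && !p[i].equals(r[i])) return false;
            return true;
        }
    }

    // Vetoes are scoped to their own group: a group grants access only if it has a
    // matching grant and no matching veto; any one granting group is sufficient.
    static boolean permitted(List<Entry> entries, String requested) {
        Map<String, Boolean> byGroup = new HashMap<>();
        for (Entry e : entries) {
            if (!e.matches(requested)) continue;
            byGroup.merge(e.group(), !e.veto(), (a, b) -> a && b);
        }
        return byGroup.containsValue(true);
    }

    public static void main(String[] args) {
        List<Entry> userRole = new ArrayList<>();
        for (String s : "!reg/org.estatio.api, !reg/org.estatio.webapp.services.admin, reg/*".split(","))
            userRole.add(Entry.parse(s));
        List<Entry> both = new ArrayList<>(userRole);
        both.add(Entry.parse("adm/*"));
        String requested = "org.estatio.api:SomeApi:someAction:r"; // constructed sample
        System.out.println("user_role only:         " + permitted(userRole, requested));
        System.out.println("user_role + admin_role: " + permitted(both, requested));
    }
}
```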

            People

            • Assignee: Dan Haywood (danhaywood)
            • Reporter: Dan Haywood (danhaywood)