Shiro
  1. Shiro
  2. SHIRO-175

Improve Set of permission and role checks

    Details

      Description

      Both the shiro tag library and tapestry-security have seen fit to extend the permissions and role checks. It would be nice to have a complete set of annotations and permissions checks as follows:

      Right now, Shiro supports:

      @RequiresRoles(String)

      @RequiresPermissions(String)

      These have the additionally issue that multiple values are separated by commas, which conflicts with commas in the permission strings.

      I would like to suggest the following more complete, and specific set:

      @RequiresAllRoles(String[] ) <-- same as current RequiresRoles, except the AND is specified, and the roles can be done via:

      @RequiresAllRoles(

      {"role1", "role2"}

      )

      @RequiresAnyRoles(String[] ) <--- the OR version, runs if any role is implied.

      @RequiresAllPermissions(String[] )
      @RequiresAnyPermissions(String[] )

      SecurityCheck(allRoles, anyRoles, allPermissions, anyPermissions) <--- all in one with one annotation

        Activity

        Hide
        Felipe Carvalho added a comment -

        Please disregard my question, Kalle just answered me by the mailing list. It should be used as @RequiresPermissions(value =

        { "window:open", "door:close" }

        , logical
        = Logical.OR).

        Thanks a lot for the help!

        Show
        Felipe Carvalho added a comment - Please disregard my question, Kalle just answered me by the mailing list. It should be used as @RequiresPermissions(value = { "window:open", "door:close" } , logical = Logical.OR). Thanks a lot for the help!
        Hide
        Felipe Carvalho added a comment -

        Please excuse my newbie question, but I've downloaded 1.2.1's source and bin distributions and can't seem to find the @RequiresAnyPermissions(String[] ) anywhere. Would anyone please let me know if the annotation really exists or if this was solved in any other way?

        Thanks

        Show
        Felipe Carvalho added a comment - Please excuse my newbie question, but I've downloaded 1.2.1's source and bin distributions and can't seem to find the @RequiresAnyPermissions(String[] ) anywhere. Would anyone please let me know if the annotation really exists or if this was solved in any other way? Thanks
        Hide
        Les Hazlewood added a comment -

        Closing as this was released in 1.1.0

        Show
        Les Hazlewood added a comment - Closing as this was released in 1.1.0
        Hide
        Kalle Korhonen added a comment -

        There are several slight changes implemented as part of this issue:

        • All annotations can now be applied to classes as well (@Target(ElementType.TYPE)) in addition to methods
        • There's a new Logical annotation parameter that can be used to indicate the desired logic for processing multiple values for RequiresXXX annotations
        • added Subject.checkRoles(String... roles) for completeness (compare to checkPermissions(...) ). I don't like this last part too much as multiple checkXXX operations make the API convoluted and the decision logic for processing them asymmetric (some exceptions are thrown from handlers whereas others are thrown from Authorizer). Closing the issue for now but re-open with comments or open new issues as needed.
        Show
        Kalle Korhonen added a comment - There are several slight changes implemented as part of this issue: All annotations can now be applied to classes as well (@Target(ElementType.TYPE)) in addition to methods There's a new Logical annotation parameter that can be used to indicate the desired logic for processing multiple values for RequiresXXX annotations added Subject.checkRoles(String... roles) for completeness (compare to checkPermissions(...) ). I don't like this last part too much as multiple checkXXX operations make the API convoluted and the decision logic for processing them asymmetric (some exceptions are thrown from handlers whereas others are thrown from Authorizer). Closing the issue for now but re-open with comments or open new issues as needed.

          People

          • Assignee:
            Kalle Korhonen
            Reporter:
            Pierce Wetter
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development