Shiro / SHIRO-331

The Spring ACL has a cool feature that allows you to evaluate any SpEL when doing an authorization check using an annotation. This is a feature that allows doing the same with Shiro.

    Details

      Description

      On Spring ACL you can annotate a function with something like this:

      @PreAuthorize("hasAnyRole('ROLE_SUPER_USER','ROLE_SYSTEM_ADMIN') and hasPermission(#id, 'com.xyz.db.domain.impl.XyzConfigImpl', 'read')")

      Note the evaluation of a method, the use of logic operators, and the ability to use the parameters passed to the method.
      This is a necessary feature for doing any ACL-like control check from an annotation, because otherwise you're obliged to do the check yourself from inside the method body.

        Activity

        Jared Bunting added a comment -

        I'm wondering if this can fit in with / be solved by SHIRO-314? The only thing that I don't see in there is the ability to use the parameters passed to the method.

        DIALLO Mamadou BObo added a comment -

        I've seen this, but SpEL goes far beyond this, as you can do basically whatever you like to check permissions.
        And yes, it works with parameter names using Spring's ParameterNameDiscoverer.

        And there are many people out there who use Shiro with Spring, so it won't add a dependency in any case.

        DIALLO Mamadou BObo added a comment -

        Here is an example of usage:

        @EvaluatePermission("isPermittedAll('users:' + #userId + ':accessaps') or hasRole('admin') or user.getRole() == 'admin'")
        public List<AppInfo> getUserApps(User user)

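The evaluation step this issue asks for can be sketched as follows. This is an added example, not code from the issue, Shiro or Spring: `SubjectExpressionEvaluator`, `SubjectRoot` and `isAllowed` are hypothetical names, and the proposed `@EvaluatePermission` annotation and its interceptor are not implemented here. It assumes shiro-core and spring-expression on the classpath and Java 9+.

```java
import java.util.Map;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/** Hypothetical evaluator for illustration; not part of Shiro or Spring. */
public final class SubjectExpressionEvaluator {

    /** Root object: bare calls such as hasRole('x') resolve to these methods. */
    public static final class SubjectRoot {
        private final Subject subject;
        SubjectRoot(Subject subject) { this.subject = subject; }
        public boolean hasRole(String role) { return subject.hasRole(role); }
        public boolean isPermittedAll(String... p) { return subject.isPermittedAll(p); }
    }

    private static final SpelExpressionParser PARSER = new SpelExpressionParser();

    /**
     * expression: the annotation value, a compile-time constant (never request data,
     * since SpEL can invoke arbitrary methods). args: method arguments by parameter name.
     */
    public static boolean isAllowed(Subject subject, String expression, Map<String, Object> args) {
        StandardEvaluationContext ctx = new StandardEvaluationContext(new SubjectRoot(subject));
        args.forEach(ctx::setVariable); // exposed to the expression as #name
        try {
            Boolean result = PARSER.parseExpression(expression).getValue(ctx, Boolean.class);
            return Boolean.TRUE.equals(result); // a null result denies access
        } catch (RuntimeException e) {
            return false; // fail closed on parse, evaluation or authorization errors
        }
    }

    public static void main(String[] unused) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-pw", "admin"); // constructed sample account
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("alice", "constructed-pw"));
        String expr = "isPermittedAll('users:' + #userId + ':accessaps') or hasRole('admin')";
        System.out.println(isAllowed(subject, expr, Map.of("userId", "42")));   // subject holds 'admin'
        System.out.println(isAllowed(subject, "hasRole('auditor')", Map.of())); // role not held
    }
}
```

A real interceptor would also log the swallowed exception, so that a mistyped expression shows up as a configuration error rather than as silent denials.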

          People

          • Assignee: Unassigned
          • Reporter: DIALLO Mamadou BObo
          • Votes: 3
          • Watchers: 2

          Time Tracking

          • Original Estimate: 12h
          • Remaining Estimate: 12h
          • Time Spent: Not Specified