WildCardPermisions

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

WildCardPermisions

jim.piersol@gmail.com
I am trying to find if there is a way to do this:

I have a user with permissions assigned like:   "object:read:index1",
"object:read:index2", "object:read:index3" ...

I am looking for a way to check to see if my user has ANY permissions that
start with "object:read".  I was thinking I could use
SecurityUtils.getSubject().isPermitted("object:read:*"), i.e. check for any
permissions that match, but that doesn't seem to work.

You can assign a permission with a wildcard to a user like :
"object:read:*", meaning this user has access to ALL things that check for
permission that start with "object:read", but I can't find a way to check
the opposite direction.

Any ideas?



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: WildCardPermisions

Claude Warren
I had a similar problem and the only solution I could find was to implement my own permissions check.

Claude

On Thu, Feb 28, 2019 at 4:57 PM [hidden email] <[hidden email]> wrote:
I am trying to find if there is a way to do this:

I have a user with permissions assigned like:   "object:read:index1",
"object:read:index2", "object:read:index3" ...

I am looking for a way to check to see if my user has ANY permissions that
start with "object:read".  I was thinking I could use
SecurityUtils.getSubject().isPermitted("object:read:*"), i.e. check for any
permissions that match, but that doesn't seem to work.

You can assign a permission with a wildcard to a user like :
"object:read:*", meaning this user has access to ALL things that check for
permission that start with "object:read", but I can't find a way to check
the opposite direction.

Any ideas?



--
Sent from: http://shiro-user.582556.n2.nabble.com/


--
Reply | Threaded
Open this post in threaded view
|

Re: WildCardPermisions

armandoxxx
This post was updated on .
In reply to this post by jim.piersol@gmail.com
according to docs this works ...

https://shiro.apache.org/permissions.html

have you tried ?
SecurityUtils.getSubject().isPermitted("object:read"),

Regards

Armando





--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: WildCardPermisions

jim.piersol@gmail.com
No, that does not work.  I wish it did, because it would cover my situation.

If my User has the permission "object:read:abc"

and I do: SecurityUtils.getSubject().isPermitted("object:read");

the isPermitted(...) call returns "false".



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: WildCardPermisions

Brian Demers
Personally, I always think of permissions the other way around.
Assign the more general permissions to my users, and very specific permissions to my resources.

I also like to keep them right to left, generic to specific.
My user could have "object:abc" (or "object:abc:*") and when attempting to access the permission i'd check for "object:abc:read"

This doesn't fit everyone's use cases of course, and might not help with what you are trying to do

On Fri, Mar 1, 2019 at 11:06 AM [hidden email] <[hidden email]> wrote:
No, that does not work.  I wish it did, because it would cover my situation.

If my User has the permission "object:read:abc"

and I do: SecurityUtils.getSubject().isPermitted("object:read");

the isPermitted(...) call returns "false".



--
Sent from: http://shiro-user.582556.n2.nabble.com/