Quantcast

wildcard permission matching question

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

wildcard permission matching question

Andrea
Hi All,

I don't understand if the following wildcard behavior is normal or not:

the user permission is: "applicationA:*"

if i check subject.isPermitted("*:something") return false

the method return true if I remove the wildcard from one of the two ex:

user permission: "applicationA:something"
subject.isPermitted("*:something")

or

user permission: "applicationA:*"
subject.isPermitted("applicationA:something")

Any help you can provide would be greatly appreciated.

Thanks, Andrea
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: wildcard permission matching question

Brian Demers
My advice would be to call isPermitted on concrete permission strings (i.e. 'applicationA:something') and grant your users any combination of the wild card string that matters.

Think of it as your resource you are protecting has a specific action 'book:write", and you user could have "book:write", "book:read", or "book:*"

Does that help?

On Wed, May 10, 2017 at 5:27 AM, Andrea <[hidden email]> wrote:
Hi All,

I don't understand if the following wildcard behavior is normal or not:

the user permission is: "applicationA:*"

if i check subject.isPermitted("*:something") return false

the method return true if I remove the wildcard from one of the two ex:

user permission: "applicationA:something"
subject.isPermitted("*:something")

or

user permission: "applicationA:*"
subject.isPermitted("applicationA:something")

Any help you can provide would be greatly appreciated.

Thanks, Andrea




--
View this message in context: http://shiro-user.582556.n2.nabble.com/wildcard-permission-matching-question-tp7581588.html
Sent from the Shiro User mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: wildcard permission matching question

Andrea
Thank you for the reply, I'll try to find another way to do what I need.

Loading...