У меня есть следующая таблица roles_perms — как проверить несколько разрешений в таблице базы данных?
id || username || role_name || perms_name
1 root admin page:show:*;folder:show:*
2 user1 editor page:show:editorpage,page1;folder:show:folder45,folder55
Но следующие строки кода не возвращают ожидаемого результата.
// for user with role "admin"
// NOTE(review): assuming the default wildcard permission parsing is in use, Shiro splits a
// permission string on ":" (parts) and "," (sub-parts) only; ";" is not a separator. The stored
// value "page:show:*;folder:show:*" is then ONE permission whose third part is the literal
// token "*;folder", not two permissions.
// Test 1 is denied because "*;folder" is not the wildcard "*". Test 2 is granted only because
// the requested string is identical to the stored one, not because both permissions are held.
// To check several permissions, store one permission per row and ask the Subject with
// isPermittedAll("page:show:*", "folder:show:*").
System.out.println("Test 1 :"+SecurityUtils.getSubject().isPermitted("page:show:*")); // false
System.out.println("Test 2 :"+SecurityUtils.getSubject().isPermitted("page:show:*;folder:show:*")); // true
output:
Test1 :false
Test2 :true
// for user with role "editor"
// NOTE(review): with default wildcard parsing the stored value
// "page:show:editorpage,page1;folder:show:folder45,folder55" has the third-part sub-parts
// "editorpage" and "page1;folder", so a request for "page:show:page1" (Test 3) does not match.
// NOTE(review): by the same parsing Test 4 would be expected to match the stored string; that
// it does not suggests the realm loaded no permission row for this user — verify what the
// roles and permissions queries actually return for user1.
System.out.println("Test 3 :"+SecurityUtils.getSubject().isPermitted("page:show:page1")); // false
System.out.println("Test 4 :"+SecurityUtils.getSubject().isPermitted("page:show:page1;folder:show:folder55")); // false
output:
Test3 :false
Test4 :false
UPDATE:
Файл shiro.ini:
[main]
# JNDI lookup of the container-managed DataSource used by the realm
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.requiredType = javax.sql.DataSource
ds.resourceName = jdbc/imgDB
ds.resourceRef = true
# Custom realm class (not shown here); the JdbcRealm-style properties set further down
# suggest it extends JdbcRealm — confirm
jdbcRealm = com.java.realm.MyRealm
# 1000 ms = 1 sec
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# 1800000 ms = 30 minutes of idle time before a session expires
securityManager.sessionManager.globalSessionTimeout = 1800000
# password hashing specification
# NOTE(review): no hashIterations and no salt are configured here, so unless MyRealm supplies
# a salt this is a single unsalted SHA-256 pass, which is weak against offline guessing if the
# shiro_users table leaks. Prefer a salted, iterated scheme; switching requires re-hashing the
# stored passwords.
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashAlgorithmName = SHA-256
jdbcRealm.credentialsMatcher = $sha256Matcher
# Load permissions for each of the user's roles via permissionsQuery
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM shiro_users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_name FROM shiro_user_roles WHERE username = ?
# NOTE(review): this query has two placeholders. The stock JdbcRealm binds only the role name
# when it runs permissionsQuery — confirm that MyRealm also binds username, otherwise the
# permission lookup will fail.
# NOTE(review): each returned row is used as one permission string; values joined with ";"
# are not split, so store one permission per row.
jdbcRealm.permissionsQuery = SELECT perms_name FROM shiro_roles_perms WHERE role_name = ? AND username = ?
jdbcRealm.dataSource = $ds
# Authorization data is not cached, so it is re-read for every check
jdbcRealm.authorizationCachingEnabled = false
# specify login page
authc.loginUrl = /login.jsp
# redirect after successful login
authc.successUrl = /home.jsp
# roles filter: redirect to error page if user does not have access rights
# perms filter: redirect to error page if user does not have permissions
roles.unauthorizedUrl = /accessdenied.jsp
perms.unauthorizedUrl = /accessdenied.jsp
# request parameter with login error information; if not present filter assumes 'shiroLoginFailure'
# authc.failureKeyAttribute = simpleShiroApplicationLoginFailure
[urls]
# Patterns are evaluated top to bottom; the first matching pattern decides which filters run
/login.jsp = authc
# Only /admin/** carries a role check
/admin/** = authc,roles[admin]
# NOTE(review): /editor/** requires authentication only, so any logged-in user can reach it;
# add roles[editor] or a perms[...] filter if this area is meant to be restricted.
/editor/** = authc
# enable authc filter for all application pages
# NOTE(review): Shiro matches these paths relative to the web application's context root. If
# "ApacheShiroLogin" is the context path, this pattern will not cover the application's
# pages — confirm.
/ApacheShiroLogin/** = authc
Как вы создаете 'AuthorizationInfo'? –
Я не создаю свой собственный AuthorizationInfo, просто используя значение по умолчанию –