List of usage examples for org.apache.shiro.authz SimpleAuthorizationInfo getStringPermissions
public Set<String> getStringPermissions()
From source file:com.stormpath.shiro.realm.ApplicationRealm.java
License:Apache License
/**
 * Assembles the Shiro authorization data for the account behind {@code principals}.
 *
 * <p>The account is loaded from the data store by href. Roles and permissions are resolved for
 * each of its groups and then for the account itself, and everything is merged into one
 * {@link SimpleAuthorizationInfo}.
 *
 * <p>A {@code null} result means "no authorization data". Shiro's {@code AuthorizingRealm}
 * treats that as no roles and no permissions, so access checks for such an account are denied.
 * NOTE(review): a {@code null} result is presumably not stored in the authorization cache, so
 * every check for such an account would repeat the two remote lookups - confirm against the
 * Shiro version in use.
 *
 * @param principals principals of the subject being authorized; the account href is derived
 *     from them by {@code getAccountHref}
 * @return the merged roles and permissions, or {@code null} when no roles, object permissions
 *     or string permissions were collected
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    assertState();

    final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    final String href = getAccountHref(principals);

    //TODO resource expansion (account + groups in one request instead of two):
    final Account account = getClient().getDataStore().getResource(href, Account.class);
    final GroupList memberships = account.getGroups();

    // Group-level grants first: every group contributes its roles, then its permissions.
    for (Group membership : memberships) {
        for (String groupRole : resolveRoles(membership)) {
            info.addRole(groupRole);
        }
        for (Permission groupPermission : resolvePermissions(membership)) {
            info.addObjectPermission(groupPermission);
        }
    }

    // Account-level grants (since 0.3): roles, then permissions, attached to the account itself.
    for (String accountRole : resolveRoles(account)) {
        info.addRole(accountRole);
    }
    for (Permission accountPermission : resolvePermissions(account)) {
        info.addObjectPermission(accountPermission);
    }

    // Report "no authorization data associated with the Account" as null, not as an empty object.
    final boolean hasAuthorizationData = !CollectionUtils.isEmpty(info.getRoles())
            || !CollectionUtils.isEmpty(info.getObjectPermissions())
            || !CollectionUtils.isEmpty(info.getStringPermissions());
    return hasAuthorizationData ? info : null;
}
From source file:com.sxdx.lol.shiro.ShiroDbRealm.java
License:Open Source License
/**
 * Supplies the string permissions that Shiro evaluates for authorization checks.
 *
 * <p>NOTE(review): {@code principals} is never read. The permissions come from
 * {@code userService.getCurrentStringPermissions()}, which presumably resolves the user of the
 * current session or thread. If Shiro asks for the authorization data of a different identity
 * (for example a run-as identity), or caches the result under the key derived from
 * {@code principals}, the returned permissions could belong to another user - confirm that both
 * always refer to the same account.
 *
 * @param principals principals of the subject being authorized (unused by this implementation)
 * @return an authorization info holding the permission strings, or {@code null} when the user
 *     service returns no permission set
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    final Set<String> currentPermissions = userService.getCurrentStringPermissions();
    if (currentPermissions != null) {
        final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(currentPermissions);

        // The complete permission set is written to the debug log; keep debug logging off where
        // log readers should not learn which permissions a user holds.
        final String grantedPermissions = info.getStringPermissions().toString();
        logger.debug("shiro has perms:" + grantedPermissions);
        return info;
    }
    return null;
}
From source file:org.cgiar.ccafs.ap.security.APCustomRealm.java
License:Open Source License
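/**
 * Builds the roles and permission strings of the user identified by the primary principal.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Load the user's roles; a user without roles gets the role with id 8 (the guest role).</li>
 *   <li>Add every role acronym as a Shiro role and, depending on the role id, either add its
 *       permissions directly or collect the projects / liaison institutions the role applies to.</li>
 *   <li>Add each role's permissions as stored, skipping {@code planning:projects:} and
 *       {@code reporting:projects:} permissions of non-admin roles while that phase is closed.</li>
 *   <li>Add project-scoped copies of the permissions for every collected project, with the same
 *       phase filter.</li>
 *   <li>Add liaison-institution-scoped copies of every {@code reporting:synthesis:} permission.</li>
 *   <li>Unless the platform is closed, add the permissions of the project-specific user roles.</li>
 * </ol>
 *
 * <p>NOTE(review): the phase filter is not applied in the role switch of step 2 (admin and
 * financing-project permissions) nor in step 6. Confirm that granting those permissions while
 * planning or reporting is closed is intended.
 *
 * @param principals principals of the subject being authorized; the primary principal must be
 *     the user id as an {@link Integer}
 * @return the authorization info assembled for the user, never {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

    // userID is not declared in this method, so it is state shared by every caller of this realm.
    // Concurrent authorization requests could overwrite it between the lookups below and mix one
    // user's project permissions into another user's result. The value is therefore read once
    // into a local and only the local is used from here on; the shared variable is still
    // assigned so that any other code reading it keeps working.
    final Integer currentUserID = (Integer) principals.getPrimaryPrincipal();
    userID = currentUserID;

    List<UserRole> roles = userRoleManager.getUserRolesByUserID(String.valueOf(currentUserID));
    List<Map<String, UserRole>> projectRoles = new ArrayList<>();
    List<Integer> liaisonInstitutionIDs = new ArrayList<>();
    if (roles.size() == 0) {
        roles.add(userRoleManager.getUserRole(8)); // Getting the Guest Role.
    }

    // Get the roles general to the platform
    for (UserRole role : roles) {
        authorizationInfo.addRole(role.getAcronym());
        switch (role.getId()) {
            case APConstants.ROLE_ADMIN:
                for (String permission : role.getPermissions()) {
                    authorizationInfo.addStringPermission(permission);
                }
                break;

            case APConstants.ROLE_FINANCING_PROJECT:
                // Wildcard project segment: the permission applies to every project.
                for (String permission : role.getPermissions()) {
                    permission = permission.replace("projects:", "projects:*:");
                    authorizationInfo.addStringPermission(permission);
                }
                break;

            case APConstants.ROLE_MANAGEMENT_LIAISON:
            case APConstants.ROLE_COORDINATING_UNIT:
                projectRoles.add(userRoleManager.getManagementLiaisonProjects(currentUserID));
                break;

            case APConstants.ROLE_PROJECT_LEADER:
                projectRoles.add(userRoleManager.getProjectLeaderProjects(currentUserID));
                break;

            case APConstants.ROLE_EXTERNAL_EVALUATOR:
                projectRoles.add(userRoleManager.getProjectExternalEvaluator(currentUserID));
                break;

            case APConstants.ROLE_PROGRAM_DIRECTOR_EVALUATOR:
                projectRoles.add(userRoleManager.getProjectProgramDirector(currentUserID));
                break;

            case APConstants.ROLE_PROJECT_COORDINATOR:
                projectRoles.add(userRoleManager.getProjectCordinatorProjects(currentUserID));
                break;

            case APConstants.ROLE_CONTACT_POINT:
                projectRoles.add(userRoleManager.getContactPointProjects(currentUserID));
                liaisonInstitutionIDs.addAll(userRoleManager.getLiaisonInstitutionID(currentUserID));
                break;

            case APConstants.ROLE_REGIONAL_PROGRAM_LEADER:
            case APConstants.ROLE_FLAGSHIP_PROGRAM_LEADER:
                liaisonInstitutionIDs.addAll(userRoleManager.getLiaisonInstitutionID(currentUserID));
                // NOTE(review): this walks the whole accumulated list, including ids added for
                // roles handled earlier in the loop - confirm that is intended.
                for (Integer liaisonInstitutionID : liaisonInstitutionIDs) {
                    final LiaisonInstitution currentLiaisonInstitution = liaisonInstitutionManager
                            .getLiaisonInstitution(liaisonInstitutionID);
                    // NOTE(review): an institution without a program falls back to program "1" and
                    // so receives that program's projects - confirm this default is wanted.
                    if (currentLiaisonInstitution.getIpProgram() == null) {
                        currentLiaisonInstitution.setIpProgram("1");
                    }
                    projectRoles.add(userRoleManager
                            .getProgramProjects(Integer.parseInt(currentLiaisonInstitution.getIpProgram())));
                }
                break;
        }
    }

    boolean addPermission = true;

    // Adding the permissions for each role exactly as they come from the database:
    for (UserRole role : roles) {
        for (String myPermission : role.getPermissions()) {
            addPermission = true;
            // While a phase is closed only the admin role keeps the permissions of that phase.
            if (myPermission.startsWith("planning:projects:")) {
                if ((config.isPlanningClosed() && !role.getId().equals(APConstants.ROLE_ADMIN))) {
                    addPermission = false;
                }
            }
            if (myPermission.startsWith("reporting:projects:")) {
                if ((config.isReportingClosed() && !role.getId().equals(APConstants.ROLE_ADMIN))) {
                    addPermission = false;
                }
            }
            if (addPermission) {
                authorizationInfo.addStringPermission(myPermission);
            }
        }
    }

    // Converting those general roles into specific for the PROJECTS where they are able to edit.
    for (Map<String, UserRole> mapRoles : projectRoles) {
        for (Map.Entry<String, UserRole> entry : mapRoles.entrySet()) {
            String projectID = entry.getKey();
            UserRole role = entry.getValue();
            for (String permission : role.getPermissions()) {
                // Insert the project identifier after the "projects:" segment.
                // A regex guard that skipped permissions already at project level (such as
                // planning:projects:5:description:update) was disabled in the original code, so
                // those permissions are rewritten here as well.
                if (permission.contains(":projects:")) {
                    permission = permission.replace("projects:", "projects:" + projectID + ":");
                }
                addPermission = true;
                if (permission.startsWith("planning:projects:")) {
                    if ((config.isPlanningClosed() && !role.getId().equals(APConstants.ROLE_ADMIN))) {
                        addPermission = false;
                    }
                }
                if (permission.startsWith("reporting:projects:")) {
                    if ((config.isReportingClosed() && !role.getId().equals(APConstants.ROLE_ADMIN))) {
                        addPermission = false;
                    }
                }
                if (addPermission) {
                    authorizationInfo.addStringPermission(permission);
                }
            }
        }
    }

    if (authorizationInfo.getStringPermissions() != null) {
        // Converting those general roles into specific for the SYNTHESIS where they are able to edit.
        // The copies are collected first and added afterwards, so the permission set is not
        // modified while it is being iterated.
        List<String> newPermissions = new ArrayList<>();
        for (String permission : authorizationInfo.getStringPermissions()) {
            for (int liaisonInstitutionID : liaisonInstitutionIDs) {
                if (permission.startsWith("reporting:synthesis:")) {
                    newPermissions
                            .add(permission.replace("synthesis:", "synthesis:" + liaisonInstitutionID + ":"));
                }
            }
        }
        authorizationInfo.addStringPermissions(newPermissions);
    }

    if (!config.isClosed()) {
        // Getting the specific roles based on the table project_roles.
        List<ProjectUserRole> projectSpecificUserRoles = projectSpecificUserRoleManager
                .getProjectSpecificUserRoles(currentUserID);

        // Adding the specific project roles to the user.
        for (ProjectUserRole projectUserRole : projectSpecificUserRoles) {
            for (String permission : projectUserRole.getUserRole().getPermissions()) {
                if (permission.contains(":projects:")) {
                    permission = permission.replace("projects:",
                            "projects:" + projectUserRole.getProjectID() + ":");
                }
                authorizationInfo.addStringPermission(permission);
            }
        }
    }

    return authorizationInfo;
}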
From source file:StormpathShiro.src.main.java.com.stormpath.shiro.realm.ApplicationRealm.java
License:Apache License
/**
 * Collects the roles and permissions of an account for Shiro authorization checks.
 *
 * <p>The account is fetched by the href derived from {@code principals}. Its groups are
 * processed first, then the account itself; all resolved roles and object permissions end up in
 * a single {@link SimpleAuthorizationInfo}.
 *
 * <p>Returning {@code null} signals that nothing was collected. Shiro's
 * {@code AuthorizingRealm} then grants no roles and no permissions, so the subject is denied.
 *
 * @param principals principals of the subject being authorized
 * @return the collected authorization data, or {@code null} if the roles, object permissions
 *     and string permissions are all empty
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    assertState();

    SimpleAuthorizationInfo collected = new SimpleAuthorizationInfo();

    String accountHref = getAccountHref(principals);

    //TODO resource expansion (account + groups in one request instead of two):
    Account account = getClient().getDataStore().getResource(accountHref, Account.class);

    GroupList accountGroups = account.getGroups();
    for (Group accountGroup : accountGroups) {
        // Roles granted through this group.
        Set<String> rolesOfGroup = resolveRoles(accountGroup);
        for (String role : rolesOfGroup) {
            collected.addRole(role);
        }

        // Permissions granted through this group.
        Set<Permission> permissionsOfGroup = resolvePermissions(accountGroup);
        for (Permission granted : permissionsOfGroup) {
            collected.addObjectPermission(granted);
        }
    }

    //since 0.3: roles attached directly to the account
    Set<String> rolesOfAccount = resolveRoles(account);
    for (String role : rolesOfAccount) {
        collected.addRole(role);
    }

    //since 0.3: permissions attached directly to the account
    Set<Permission> permissionsOfAccount = resolvePermissions(account);
    for (Permission granted : permissionsOfAccount) {
        collected.addObjectPermission(granted);
    }

    // Anything collected at all? Then hand it to Shiro.
    if (!CollectionUtils.isEmpty(collected.getRoles())) {
        return collected;
    }
    if (!CollectionUtils.isEmpty(collected.getObjectPermissions())) {
        return collected;
    }
    if (!CollectionUtils.isEmpty(collected.getStringPermissions())) {
        return collected;
    }

    //no authorization data associated with the Account
    return null;
}