Confused with Apache Shiro and a custom authorizing realm

Ser*_*eim 4 java security shiro

I am trying to create a simple authorizing realm for Apache Shiro for testing purposes:

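import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class MyAuthRealm extends AuthorizingRealm {
    // Returns the same role and permission for every principal.
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo sai = new SimpleAuthorizationInfo();
        sai.addRole("kota");
        sai.addStringPermission("koko:*:view");
        return sai;
    }

    // This realm performs no authentication.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        return null;
    }
}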

As you can see, it doesn't care who the user is - it just returns a role and a specific permission.

Now, I try to test it in the following snippet:

if (SecurityUtils.getSubject().hasRole("kota")) {
    out.write("kota");
}
if (SecurityUtils.getSubject().hasRole("kota2")) {
    out.write("kota2");
}
if (SecurityUtils.getSubject().isPermitted("koko:toto:view")) {
    out.write("koko");
}
if (SecurityUtils.getSubject().isPermitted("koko2:toto:view")) {
    out.write("koko2");
}

I get the following output:

kota koko koko2 

:(

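So it seems that the role is configured correctly (since the user only has the role kota), but the permissions are not (why is koko2 printed???)!

Can somebody explain to me what I am doing wrong?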

TIA!

Den*_*cay 5

Are you just using this realm? You may have multiple realms configured; try this to see what realms you currently have:

for (Realm realm : ((RealmSecurityManager) SecurityUtils.getSecurityManager()).getRealms())
    System.out.println(realm.getName());

Your security manager may ask multiple realms for authorization info, which may be the cause of this problem.
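
An added example, not part of the original question or answer: with several realms configured, Shiro's default authorizer treats a permission as granted as soon as any one realm grants it, so asking each realm separately shows which one is responsible. The FixedRealm class, the realm names and the over-broad "*" permission on the second realm are assumptions constructed for illustration.

```java
import java.util.List;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class RealmAudit {
    // Hypothetical realm that grants one fixed permission to every principal.
    static class FixedRealm extends AuthorizingRealm {
        private final String permission;
        FixedRealm(String name, String permission) {
            setName(name);
            this.permission = permission;
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermission(permission);
            return info;
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null; // authentication is not exercised in this audit
        }
    }

    public static void main(String[] args) {
        List<Realm> realms = List.of(
                new FixedRealm("myAuthRealm", "koko:*:view"), // same grant as the question's realm
                new FixedRealm("otherRealm", "*"));           // constructed: over-broad second realm
        DefaultSecurityManager manager = new DefaultSecurityManager(realms);
        PrincipalCollection who = new SimplePrincipalCollection("tester", "myAuthRealm");

        for (String perm : List.of("koko:toto:view", "koko2:toto:view")) {
            // The manager's verdict is true if any configured realm grants the permission.
            System.out.println(perm + " -> manager: " + manager.isPermitted(who, perm));
            for (Realm realm : manager.getRealms()) {
                if (realm instanceof Authorizer) {
                    // Ask each realm on its own to find the one granting the permission.
                    boolean granted = ((Authorizer) realm).isPermitted(who, perm);
                    System.out.println("    " + realm.getName() + ": " + granted);
                }
            }
        }
    }
}
```

Under these assumptions the manager permits koko2:toto:view even though myAuthRealm alone denies it; the per-realm lines show otherRealm as the source of the grant.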