The quickstart archetype is configured with Shiro using the users, roles and permissions defined in the
Shiro is bootstrapped using the following settings to be added near the top of the
    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>
    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
Shiro will then read the WEB-INF/shiro.ini file to configure its Realm definitions for authentication and authorization.
Shiro converts permission strings (as found in WEB-INF/shiro.ini) internally into WildcardPermission instances, which allow permissions to be organized hierarchically and with wildcards.
This meets Isis' requirements well; we define the permission strings as follows:
memberName is the property, collection or action name.
r indicates that the member is visible
w indicates that the member is usable (editable or invokable)
Because these are wildcards, a '*' can be used at any level. Additionally, missing levels assume wildcards.
    com.mycompany.myapp:Customer:firstName:r,w   # view or edit customer's firstName
    com.mycompany.myapp:Customer:lastName:r      # view customer's lastName only
    com.mycompany.myapp:Customer:placeOrder:*    # view and invoke placeOrder action
    com.mycompany.myapp:Customer:placeOrder      # ditto
    com.mycompany.myapp:Customer:*:r             # view all customer class members
    com.mycompany.myapp:*:*:r                    # view-only access for all classes in myapp package
    com.mycompany.myapp:*:*:*                    # view/edit for all classes in myapp package
    com.mycompany.myapp:*:*                      # ditto
    com.mycompany.myapp:*                        # ditto
    com.mycompany.myapp                          # ditto
    *                                            # view/edit access to everything
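Because a missing level counts as a wildcard, a short permission string can grant edit rights that were never intended. The following is an added example, not part of the original page or of the Isis code base: it uses Shiro's own WildcardPermission.implies() to check a set of grants against individual member requests and to flag grants that amount to package-wide write access. It assumes shiro-core is on the classpath and Java 9 or later; the PermissionAudit class, the role contents and the Order:total member are constructed for illustration.

```java
import java.util.List;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

public class PermissionAudit {

    // True if any granted permission string implies the requested one.
    static boolean allowed(List<String> grants, String request) {
        Permission wanted = new WildcardPermission(request);
        return grants.stream()
                .map(WildcardPermission::new)
                .anyMatch(g -> g.implies(wanted));
    }

    // True if this single grant covers "w" on every member of every class in the package.
    static boolean grantsPackageWideWrite(String grant, String pkg) {
        return new WildcardPermission(grant)
                .implies(new WildcardPermission(pkg + ":*:*:w"));
    }

    public static void main(String[] args) {
        // Constructed role, intended as "read-only on Customer, may place orders".
        List<String> grants = List.of(
                "com.mycompany.myapp:Customer:*:r",
                "com.mycompany.myapp:Customer:placeOrder");   // no 4th level: both r and w

        String[] requests = {
                "com.mycompany.myapp:Customer:firstName:r",   // view firstName
                "com.mycompany.myapp:Customer:firstName:w",   // edit firstName
                "com.mycompany.myapp:Customer:placeOrder:w",  // invoke placeOrder
                "com.mycompany.myapp:Order:total:r",          // hypothetical class and member
        };
        for (String request : requests) {
            System.out.printf("%-45s %s%n", request,
                    allowed(grants, request) ? "ALLOW" : "DENY");
        }

        // Review step: the short forms from the list above are as broad as the explicit *:*:* form.
        for (String grant : List.of("com.mycompany.myapp:*:*:r",
                                    "com.mycompany.myapp:*",
                                    "com.mycompany.myapp")) {
            System.out.printf("%-45s package-wide write: %b%n", grant,
                    grantsPackageWideWrite(grant, "com.mycompany.myapp"));
        }
    }
}
```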