Skip to content

shiro-organization/buji-pac4j

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

225 Commits
src
src
 
 
travis
travis
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

buji-pac4j implements dynamic authority

The authority of filter was defied at properties in most project of pac4j, I need a dynamic authority of request'url which can load data from database, so I changed the project to achieve the function.

You should ensure that the login config works well, when you read next content

Inject the authority of the user

  • Create a abstract class CustomAdminAuthGenerator and extends class AuthorizationGenerator
  • Override generate method
  • Create a abstract method initUserPermissions and invoke it in generate
public abstract class CustomAdminAuthGenerator implements AuthorizationGenerator<CommonProfile> {

    @Override
    public CommonProfile generate(final WebContext context, final CommonProfile profile) {
        profile.addPermissions(this.initUserPermissions(profile.getId()));
        profile.clearSensitiveData(); // remove the access token to reduce size and make the remember-me work
        profile.setRemembered(true);
        return profile;
    }
    
    public abstract List<String> initUserPermissions(String credentials);
}

Inject the authority of the url

  • It has the same steps as before
  • There has a method isAnyAccessAllowed in the follow class, its in order to change need all to any one of the the permissions
public abstract class CustomPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        // use your services to load permissions
        HttpServletRequest req = (HttpServletRequest) request;
        List<String> iniPermissions = new ArrayList<>(Arrays.asList((String[]) mappedValue));

        iniPermissions.addAll(this.initDynamicPermissions(req.getRequestURI()));
        String[] perms = iniPermissions.toArray(new String[0]);

        return this.isAnyAccessAllowed(request, response, perms);
    }

    public abstract List<String> initDynamicPermissions(String requestUri);
}

Other useful tips

  • You can change your callback url to previous instead of a static url, there is example in io.buji.pac4j.custom.CustomLogoutFilter
  • Pac4jRealm can add your own information to Pac4jSubjectFactory
  • SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this); can resolve the problem of @Autowire

you can see the demo dynamic-pac4j-demo for this project

About

pac4j security library for Shiro: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

www.pac4j.org

Topics

pac4j

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

20 tags

Packages

No packages published

Languages

  • Java 99.3%
  • Shell 0.7%