An example of how to create 'Run As' methods for Apache Isis using Apache Shiro. This example references some classes that are not included here, such as DashboardService, but the concept should still be clear. When 'running as' another user, the permissions (as determined by Shiro) of the other user apply.
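/**
 * Menu service that lets the current user assume ("run as") another user's identity
 * through Apache Shiro, and later step back to the original identity.
 *
 * <p>While a run-as identity is active, the permissions of the assumed user apply.
 *
 * <p>Security notes for whoever deploys this:
 * <ul>
 *   <li>Nothing in this class checks who is allowed to call {@link #runAs(User)}; access
 *       presumably has to be restricted through the Shiro permissions configured for this
 *       action - confirm before exposing it.</li>
 *   <li>Because the assumed user's permissions apply after {@code runAs}, that user
 *       presumably needs permission to invoke {@link #releaseRunAs()}, otherwise the
 *       session cannot step back - verify against the permission setup.</li>
 *   <li>Both the start and the end of an impersonation are written to the log so the
 *       period during which actions were performed under an assumed identity can be
 *       reconstructed.</li>
 * </ul>
 */
@DomainService(nature = NatureOfService.VIEW_MENU_ONLY)
@DomainServiceLayout(menuBar = DomainServiceLayout.MenuBar.TERTIARY)
public class RunAsService {

    /**
     * Switches the current Shiro subject to the identity of {@code user} and opens the dashboard.
     *
     * @param user the user whose identity (and therefore permissions) is assumed
     * @return the dashboard returned by {@code dashboardService.openDashboard()}
     */
    @ActionLayout(contributed= Contributed.AS_NEITHER)
    public Dashboard runAs(User user) {
        // "jdbcRealm" is the realm name as configured in the Shiro config (shiro.ini).
        SimplePrincipalCollection principals =
                new SimplePrincipalCollection(user.getUsername(), "jdbcRealm");
        org.apache.shiro.SecurityUtils.getSubject().runAs(principals);
        // Audit record: real user and assumed user, read back after the switch has taken effect.
        log.info("User '"+ SecurityUtil.getRealUsername() +"' now running as '"+ SecurityUtil.getUsername() +"'");
        return dashboardService.openDashboard();
    }

    // Supplies the selectable values for parameter 0 of runAs. The body is elided in the
    // original example. NOTE(review): this list bounds which accounts can be picked in the
    // UI - consider whether accounts more privileged than the caller should be offered.
    public List<User> choices0RunAs(){ ... }

    /**
     * Hides the runAs action while a run-as identity is already active.
     *
     * @return {@code true} if the current subject is running as another user
     */
    public boolean hideRunAs() {
        // Fully qualified like the other Shiro calls in this class, so the lookup does not
        // depend on which SecurityUtils import the file has.
        return org.apache.shiro.SecurityUtils.getSubject().isRunAs();
    }

    /**
     * Drops the assumed identity and returns the user the session belonged to before runAs.
     *
     * @return the user found for the restored username
     * @throws IllegalStateException if the subject was not running as another user
     */
    public User releaseRunAs() {
        PrincipalCollection principals = org.apache.shiro.SecurityUtils.getSubject().releaseRunAs();
        // Shiro returns null when no run-as identity was active; fail with a clear message
        // instead of a NullPointerException on the next line.
        if (principals == null || principals.isEmpty()) {
            throw new IllegalStateException("Not running as another user");
        }
        String username = (String)principals.asList().get(0);
        // Audit record for the end of the impersonation, matching the one written by runAs.
        log.info("Run-as released, identity restored to '"+ username +"'");
        return usersRepository.findByUsername(username);
    }

    /**
     * Hides the releaseRunAs action unless a run-as identity is active.
     *
     * @return {@code true} if the current subject is not running as another user
     */
    public boolean hideReleaseRunAs() {
        return !org.apache.shiro.SecurityUtils.getSubject().isRunAs();
    }

    @Inject
    private UsersRepository usersRepository;

    @Inject
    private DashboardService dashboardService;
}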
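/**
 * Static helpers for reading the effective and the real username of the current session.
 *
 * <p>The two differ while a run-as identity is active: {@link #getUsername()} follows the
 * Shiro subject, {@link #getRealUsername()} follows the container's user.
 */
@DomainService(nature = NatureOfService.DOMAIN)
public class SecurityUtil {

    /**
     * Get the username of the currently logged in user (by which permissions are determined).
     * This could be the user name the real user is running as.
     *
     * <p>Shiro's {@code getPrincipal()} returns {@code null} for a subject without an
     * identity, in which case this method throws a {@link NullPointerException}.
     *
     * @return the primary principal of the current Shiro subject, lower-cased
     */
    public static String getUsername() {
        // Locale.ROOT keeps the case folding independent of the JVM default locale, so the
        // same account always maps to the same string (e.g. no dotless i under a Turkish locale).
        return ((String)org.apache.shiro.SecurityUtils.getSubject().getPrincipal())
                .toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Get the username of the real currently logged in user.
     *
     * @return the name of the container's user, lower-cased
     */
    public static String getRealUsername() {
        // Same locale-independent folding as getUsername() so both values stay comparable.
        return container.getUser().getName().toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Tells whether the current Shiro subject is operating under an assumed identity.
     *
     * @return {@code true} while a run-as identity is active
     */
    public static boolean isRunAs() {
        return org.apache.shiro.SecurityUtils.getSubject().isRunAs();
    }

    // NOTE(review): this is a static field; whether the framework injects into static
    // fields is not shown here - confirm, otherwise getRealUsername() fails on a null container.
    @Inject
    private static DomainObjectContainer container;
}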