An example of how to create 'Run As' methods for Apache Isis using Apache Shiro. The example refers to some classes that are not included here, such as DashboardService, but the concept should still be clear. When 'running as' another user, the permissions (as determined by Shiro) of the other user apply, so the runAs action itself should only be available to users who are trusted with the permissions of every user they can select.
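/**
 * Menu service that lets the current Shiro subject assume another user's identity
 * ("run as") and later release it again.
 *
 * <p>While an identity is assumed, Shiro resolves permissions for the assumed
 * principal rather than for the user who logged in. This class performs no
 * authorization check of its own before switching identity, so access to
 * {@link #runAs(User)} has to be restricted by the permissions configured for
 * the action.
 */
@DomainService(nature = NatureOfService.VIEW_MENU_ONLY)
@DomainServiceLayout(menuBar = DomainServiceLayout.MenuBar.TERTIARY)
public class RunAsService {

    /** Realm the assumed principal is attributed to; must match the realm name configured in shiro.ini. */
    private static final String RUN_AS_REALM = "jdbcRealm";

    /**
     * Switches the current subject to the identity of {@code user} and opens the dashboard.
     *
     * <p>The switch is written to the log with both the real and the assumed username so that
     * actions performed under the assumed identity can be attributed to the real user.
     *
     * @param user the user whose identity is assumed
     * @return the dashboard returned by {@code dashboardService.openDashboard()}
     */
    @ActionLayout(contributed= Contributed.AS_NEITHER)
    public Dashboard runAs(User user) {
        SimplePrincipalCollection principals =
                new SimplePrincipalCollection(user.getUsername(), RUN_AS_REALM);
        org.apache.shiro.SecurityUtils.getSubject().runAs(principals);
        // NOTE(review): usernames are written to the log unescaped; confirm they cannot contain line breaks.
        log.info("User '"+ SecurityUtil.getRealUsername() +"' now running as '"+ SecurityUtil.getUsername() +"'");
        return dashboardService.openDashboard();
    }

    // Supplies the selectable values for parameter 0 of runAs; the body is elided in the original example.
    // NOTE(review): this list bounds who can be impersonated through the UI; keep it as narrow as the use case allows.
    public List<User> choices0RunAs(){ ... }

    /**
     * Hides {@code runAs} while an identity is already assumed, so identities are not stacked.
     *
     * @return {@code true} when the subject is currently running as another user
     */
    public boolean hideRunAs() {
        // Fully qualified like the other Shiro calls in this class, to avoid confusion with SecurityUtil.
        return org.apache.shiro.SecurityUtils.getSubject().isRunAs();
    }

    /**
     * Releases the assumed identity and looks up the user named by the principal collection
     * that Shiro returns from {@code releaseRunAs()}.
     *
     * @return the user found for the first principal of the returned collection, or {@code null}
     *         when Shiro returns no principals (for example when no identity was assumed)
     */
    public User releaseRunAs() {
        PrincipalCollection released = org.apache.shiro.SecurityUtils.getSubject().releaseRunAs();
        if (released == null || released.isEmpty()) {
            // Nothing was released; avoid the NullPointerException the unguarded lookup would raise.
            return null;
        }
        // Record the end of the impersonation as well, so the log shows the full interval.
        log.info("User '"+ SecurityUtil.getRealUsername() +"' released run-as identity; now acting as '"+ SecurityUtil.getUsername() +"'");
        String username = (String) released.asList().get(0);
        return usersRepository.findByUsername(username);
    }

    /**
     * Hides {@code releaseRunAs} when there is no assumed identity to release.
     *
     * @return {@code true} when the subject is not running as another user
     */
    public boolean hideReleaseRunAs() {
        return !org.apache.shiro.SecurityUtils.getSubject().isRunAs();
    }

    @Inject
    private UsersRepository usersRepository;

    @Inject
    private DashboardService dashboardService;
}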
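/**
 * Static helpers for reading the effective and the real username of the current session.
 *
 * <p>The two differ while a Shiro "run as" identity is assumed: {@link #getUsername()} follows
 * the Shiro subject, {@link #getRealUsername()} follows the injected container's user.
 */
@DomainService(nature = NatureOfService.DOMAIN)
public class SecurityUtil {

    /**
     * Get the username of the currently logged in user (by which permissions are determined).
     * This could be the user name the real user is running as.
     *
     * <p>Lower-casing uses {@code Locale.ROOT} so the result does not depend on the JVM's
     * default locale; with a locale-sensitive conversion the same account name can map to
     * different strings on differently configured hosts.
     *
     * @return the subject's primary principal as a lower-case string
     * @throws NullPointerException if the subject has no principal
     * @throws ClassCastException if the principal is not a {@code String}
     */
    public static String getUsername() {
        Object principal = org.apache.shiro.SecurityUtils.getSubject().getPrincipal();
        return ((String) principal).toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Get the username of the real currently logged in user.
     *
     * @return the name of the container's user, lower-cased with {@code Locale.ROOT}
     */
    public static String getRealUsername() {
        return container.getUser().getName().toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Reports whether the current Shiro subject is operating under an assumed identity.
     *
     * @return {@code true} when a "run as" identity is active
     */
    public static boolean isRunAs() {
        return org.apache.shiro.SecurityUtils.getSubject().isRunAs();
    }

    // NOTE(review): this is a static field marked for injection; confirm the framework populates
    // static fields, otherwise getRealUsername() fails with a NullPointerException.
    @Inject
    private static DomainObjectContainer container;
}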