@erikdehair
Last active July 4, 2017 13:33
An example of how to create 'Run As' methods for Apache Isis using Apache Shiro. The example references some classes that are not included here, such as DashboardService, but the concept should still be clear. When 'running as' another user, the permissions (as determined by Shiro) of the other user apply.
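import java.util.List;
import javax.inject.Inject;
import org.apache.isis.applib.annotation.ActionLayout;
import org.apache.isis.applib.annotation.Contributed;
import org.apache.isis.applib.annotation.DomainService;
import org.apache.isis.applib.annotation.DomainServiceLayout;
import org.apache.isis.applib.annotation.NatureOfService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Dashboard, DashboardService, User and UsersRepository are application classes that are not part of this example.
@DomainService(nature = NatureOfService.VIEW_MENU_ONLY)
@DomainServiceLayout(menuBar = DomainServiceLayout.MenuBar.TERTIARY)
public class RunAsService {
    // Assumption: SLF4J. The original uses `log` without declaring it.
    private static final Logger log = LoggerFactory.getLogger(RunAsService.class);

    @ActionLayout(contributed = Contributed.AS_NEITHER)
    public Dashboard runAs(User user) {
        // "jdbcRealm" is the realm name as configured in the Shiro config (shiro.ini)
        SimplePrincipalCollection principals = new SimplePrincipalCollection(user.getUsername(), "jdbcRealm");
        SecurityUtils.getSubject().runAs(principals);
        log.info("User '" + SecurityUtil.getRealUsername() + "' now running as '" + SecurityUtil.getUsername() + "'");
        return dashboardService.openDashboard();
    }

    // Candidate users for the first parameter of runAs (body elided in the original)
    public List<User> choices0RunAs(){ ... }

    // Hide 'Run As' while already running as another user
    public boolean hideRunAs() {
        return SecurityUtils.getSubject().isRunAs();
    }

    public User releaseRunAs() {
        // Drop the assumed identity and look up the user named by the returned principals
        PrincipalCollection principals = SecurityUtils.getSubject().releaseRunAs();
        String username = (String) principals.asList().get(0);
        return usersRepository.findByUsername(username);
    }

    // Hide 'Release Run As' unless currently running as another user
    public boolean hideReleaseRunAs() {
        return !SecurityUtils.getSubject().isRunAs();
    }

    @Inject
    private UsersRepository usersRepository;
    @Inject
    private DashboardService dashboardService;
}
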
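import javax.inject.Inject;
import org.apache.isis.applib.DomainObjectContainer;
import org.apache.isis.applib.annotation.DomainService;
import org.apache.isis.applib.annotation.NatureOfService;
import org.apache.shiro.SecurityUtils;

@DomainService(nature = NatureOfService.DOMAIN)
public class SecurityUtil {
    /**
     * Get the username of the currently logged in user (by which permissions are determined).
     * This could be the user name the real user is running as.
     * @return the lower-cased principal of the current Shiro subject
     */
    public static String getUsername() {
        return ((String) SecurityUtils.getSubject().getPrincipal()).toLowerCase();
    }

    /**
     * Get the username of the real currently logged in user.
     * @return the lower-cased name of the user known to the Isis container
     */
    public static String getRealUsername() {
        return container.getUser().getName().toLowerCase();
    }

    /** @return true while the current subject is running as another user */
    public static boolean isRunAs() {
        return SecurityUtils.getSubject().isRunAs();
    }

    @Inject
    private static DomainObjectContainer container;
}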
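
The `runAs` action above contains no check of its own on who may impersonate whom. The following is an added example, not part of the original gist: a stand-alone Shiro program that gates `runAs` behind a permission, refuses nested impersonation, and writes an audit line naming both identities. The class name `GuardedRunAsDemo`, the permission string `user:impersonate`, and the in-memory `IniRealm` accounts are assumptions constructed for the demo; it needs only Shiro core on the classpath.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.config.Ini;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class GuardedRunAsDemo {
    // Hypothetical permission name chosen for this example.
    static final String IMPERSONATE = "user:impersonate";

    /** Switches identity only if the caller holds IMPERSONATE and is not already impersonating. */
    static void guardedRunAs(Subject subject, String target, String realmName) {
        if (subject.isRunAs()) {
            throw new IllegalStateException("already running as another user");
        }
        subject.checkPermission(IMPERSONATE); // throws UnauthorizedException when not granted
        subject.runAs(new SimplePrincipalCollection(target, realmName));
        // Audit line: getPreviousPrincipals() is the identity that actually authenticated.
        System.out.println("AUDIT real=" + subject.getPreviousPrincipals().getPrimaryPrincipal()
                + " runAs=" + subject.getPrincipal());
    }

    public static void main(String[] args) {
        Ini ini = new Ini(); // constructed sample accounts and roles
        ini.load("[users]\nadmin = secret, support\nalice = pw, clerk\n"
                + "[roles]\nsupport = user:impersonate\nclerk = invoice:read\n");
        IniRealm realm = new IniRealm(ini);
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        Subject s = SecurityUtils.getSubject();
        s.login(new UsernamePasswordToken("admin", "secret"));
        guardedRunAs(s, "alice", realm.getName());
        // While running as alice, her permissions apply, so IMPERSONATE is no longer held.
        System.out.println("invoice:read=" + s.isPermitted("invoice:read")
                + " impersonate=" + s.isPermitted(IMPERSONATE));
        s.releaseRunAs();
        System.out.println("after release: " + s.getPrincipal() + " runAs=" + s.isRunAs());
        s.logout();

        s.login(new UsernamePasswordToken("alice", "pw")); // no IMPERSONATE permission
        try {
            guardedRunAs(s, "admin", realm.getName());
        } catch (UnauthorizedException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```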