Hi --
I am upgrading to Shiro 1.2 and have the following problem. In the code, I
determine the role of an arbitrary user by calling this method and then
doing a hasRole(...):
public Subject getSubjectByLogin(final String login) {
PrincipalCollection principals = new
SimplePrincipalCollection(login,
REALM_NAME);
return new
Subject.Builder().principals(principals).buildSubject();
}
It worked fine with Shiro 1.1. With Shiro 1.2, searching through the forum,
I saw a similar issue and changed the method to use WebSubject:
public Subject getSubjectByLogin(final String login) {
PrincipalCollection principals = new
SimplePrincipalCollection(login,
REALM_NAME);
final FacesContext faces = FacesContext.getCurrentInstance();
HttpServletResponse resp =
(HttpServletResponse)faces.getExternalContext().getResponse();
HttpServletRequest reqs =
(HttpServletRequest)faces.getExternalContext().getRequest();
WebSubject.Builder b = new WebSubject.Builder(reqs, resp);
return b.principals(principals).buildSubject();
}
This worked better but it has the side effect of changing the Subject object
of the logged in user to the one was being checked. The effect is that any
subsequent click takes me to a accessDenied page because the changed subject
has lesser privledges.
So... can you comment on how to retrieve the role of an arbitrary user?
Thanks,
Dan
PS. I am still wanting to implement Guice support but had to back off on
that until this upgrade issue was resolved! ;|
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Subject-being-changed-tp7370203p7370203.html
Sent from the Shiro User mailing list archive at Nabble.com.
