I would like to get a List from all permissions from a Subject.
In my use case I would like to store all Permissions in a list to cache it.
I have a web application with a Menu on my left side.
For each Menu Item I would like to check if my Subject is permitted for it.
Currently this will take a lot of time to check for approx. 300 Menu items it.
Therefore I would like to store the List<String> permissonList it in the session.
My config is like this:
# Configure JDBC realm datasource.
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = select password FROM user where UPPER(email)=UPPER(?) and status = 'ACTIVE'
jdbcRealm.userRolesQuery = SELECT r.unique_name FROM permission_role_employee pe JOIN permission_role r ON pe.permission_role_fk = r.permission_role_id JOIN employee e ON pe.employee_fk = e.employee_id JOIN user u ON e.user_fk = u.user_id WHERE UPPER(u.email)=UPPER(?) AND pe.delete_flag = false
jdbcRealm.permissionsQuery = SELECT p.unique_name FROM permission_role_object po JOIN permission p ON po.permission_fk = p.permission_id JOIN permission_role r ON po.permission_role_fk = r.permission_role_id WHERE UPPER(r.unique_name)=UPPER(?) AND po.delete_flag = false
jdbcRealm.dataSource = $ds
jdbcRealm.credentialsMatcher = $sha512Matcher
# Realm for Token Login
tcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
tcRealm.permissionsLookupEnabled = true
tcRealm.authenticationQuery = SELECT token FROM api_token WHERE token = ?
tcRealm.userRolesQuery = SELECT r.unique_name FROM permission_role_employee pe JOIN permission_role r ON pe.permission_role_fk = r.permission_role_id JOIN employee e ON pe.employee_fk = e.employee_id JOIN api_token t ON t.employee_fk = e.employee_id WHERE UPPER(t.token)=UPPER(?) AND t.delete_flag = false
tcRealm.permissionsQuery = SELECT p.unique_name FROM permission_role_object po JOIN permission p ON po.permission_fk = p.permission_id JOIN permission_role r ON po.permission_role_fk = r.permission_role_id WHERE UPPER(r.unique_name)=UPPER(?) AND po.delete_flag = false
tcRealm.dataSource = $ds
So I´m using the org.apache.shiro.realm.jdbc.JdbcRealm. Is know there is a function like this:
AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals){...}
And in this function there is a:
Set<String> permissions = null;
This information is exactly what I need to store it in my Session.
How can I get this information?
The list of permission will be cached automatically if you configure a cache manager: https://shiro.apache.org/caching.html
This information is not exposed at a higher level. That said, if you wanted to work around this, and you know in advance all the permission strings possible in your application, you could do something like this:
https://shiro.apache.org/authorization.html#Authentication-AuthorizingSubjects-ProgrammaticAuthorization
NOTE: This workaround would only work for basic cases. Enabling a Cache Manager will work in all cases.