映射用户角色或组的权限

时间:2015-11-03 08:44:34

标签: picketlink

我在问是否有办法让用户的权限继承自他指定的角色和组。

当我为特定角色分配权限并将一个用户分配给此角色时,我无法获得从其角色继承的权限。

 User john = new User("john");
        john.setEmail("john@acme.com");
        john.setFirstName("John");
        john.setLastName("Smith");

        IdentityManager identityManager =  this.partitionManager.createIdentityManager();

        identityManager.add(john);
        identityManager.updateCredential(john, new Password("demo"));

        Role superuser = new Role("superuser");
        identityManager.add(superuser);

         Role superuser = new Role("superuser");
        identityManager.add(superuser);

        // Create group "sales"
        Group sales = new Group("sales");
        identityManager.add(sales);

        RelationshipManager relationshipManager = this.partitionManager.createRelationshipManager();
        PermissionManager permissionManager = partitionManager.createPermissionManager();
        // Make john a member of the "sales" group
        addToGroup(relationshipManager, john, sales);

        // Make mary a manager of the "sales" group
        grantGroupRole(relationshipManager, john, superuser, sales);

        // Grant the "superuser" application role to john
        grantRole(relationshipManager, john, superuser);

       // permissionManager.grantPermission(john, "ticket", "read");
        //permissionManager.grantPermission(sales,"ticket", "read");  
        permissionManager.grantPermission(sales,"ticket", "read");  
        List<Permission> permissionsList=permissionManager.listPermissions(john);
        if (permissionsList==null || permissionsList.isEmpty())
            System.err.println("User John doesn't have a permission list");
        for (Permission per:permissionsList){
            System.out.println("User John permitted: "+per.getOperation()+" on "+per.getResource());
        }

这是输出:

11:38:07,102 ERROR [stderr] (ServerService Thread Pool -- 110) User John doesn't have a permission list

是否有任何API可以解决此问题?

1 个答案:

答案 0 :(得分:0)

Picketlink online reference说:

  

“例如,假设我们有一个角色,它提供对文件的读访问权。如果您将此角色授予用户,他们将从他们被授予的角色继承所有特权/权限。”

但是,如果直接调用permissionManager.listPermissions(user),此方法不会为您提供从其角色继承的权限。

您需要调用identity.hasPermission("ticket", "read")才能使其工作(身份是当前用户的实例,可以通过注入@Inject身份标识来获取;)。在这种情况下,当前用户将根据其角色继承所有权限。