我在问是否有任何方法可以从用户分配的角色和组中获得继承的权限。
当我将权限分配给特定角色并将一个用户分配给该角色时,我无法获得从其角色继承的权限。
User john = new User("john");
john.setEmail("john@acme.com");
john.setFirstName("John");
john.setLastName("Smith");
IdentityManager identityManager = this.partitionManager.createIdentityManager();
identityManager.add(john);
identityManager.updateCredential(john, new Password("demo"));
Role superuser = new Role("superuser");
identityManager.add(superuser);
Role superuser = new Role("superuser");
identityManager.add(superuser);
// Create group "sales"
Group sales = new Group("sales");
identityManager.add(sales);
RelationshipManager relationshipManager = this.partitionManager.createRelationshipManager();
PermissionManager permissionManager = partitionManager.createPermissionManager();
// Make john a member of the "sales" group
addToGroup(relationshipManager, john, sales);
// Make mary a manager of the "sales" group
grantGroupRole(relationshipManager, john, superuser, sales);
// Grant the "superuser" application role to john
grantRole(relationshipManager, john, superuser);
// permissionManager.grantPermission(john, "ticket", "read");
//permissionManager.grantPermission(sales,"ticket", "read");
permissionManager.grantPermission(sales,"ticket", "read");
List<Permission> permissionsList=permissionManager.listPermissions(john);
if (permissionsList==null || permissionsList.isEmpty())
System.err.println("User John doesn't have a permission list");
for (Permission per:permissionsList){
System.out.println("User John permitted: "+per.getOperation()+" on "+per.getResource());
}
这是输出:
11:38:07,102 ERROR [stderr] (ServerService Thread Pool -- 110) User John doesn't have a permission list
是否有任何API来解决此问题?
Picketlink在线参考说:
"例如,假设我们有一个角色可以对文件进行读取访问。如果您将此角色授予用户,他们将继承所授予角色的所有特权/权限。"
但是,如果您直接调用permissionManager.listPermissions(user)
,则此方法不会为您提供从其角色继承的权限。
您需要调用identity.hasPermission("ticket", "read")
才能使其工作(identity是当前用户的实例,可以通过注入@Inject-identity identity;来获得)。在这种情况下,当前用户将继承基于其角色的所有权限。