
I'm asking if there is any way to get a user's permissions inherited from his assigned roles and groups.

When I assign a permission to a specific role and assign one user to this role I'm unable to get permissions inherited from its role.

    // addToGroup, grantGroupRole and grantRole are static imports from
    // org.picketlink.idm.model.basic.BasicModel
    User john = new User("john");
    john.setEmail("john@acme.com");
    john.setFirstName("John");
    john.setLastName("Smith");

    IdentityManager identityManager = this.partitionManager.createIdentityManager();

    identityManager.add(john);
    identityManager.updateCredential(john, new Password("demo"));

    // Create role "superuser"
    Role superuser = new Role("superuser");
    identityManager.add(superuser);

    // Create group "sales"
    Group sales = new Group("sales");
    identityManager.add(sales);

    RelationshipManager relationshipManager = this.partitionManager.createRelationshipManager();
    PermissionManager permissionManager = partitionManager.createPermissionManager();

    // Make john a member of the "sales" group
    addToGroup(relationshipManager, john, sales);

    // Grant john the "superuser" role within the "sales" group
    grantGroupRole(relationshipManager, john, superuser, sales);

    // Grant the "superuser" application role to john
    grantRole(relationshipManager, john, superuser);

    // permissionManager.grantPermission(john, "ticket", "read");
    // permissionManager.grantPermission(sales, "ticket", "read");
    permissionManager.grantPermission(sales, "ticket", "read");

    List<Permission> permissionsList = permissionManager.listPermissions(john);
    if (permissionsList == null || permissionsList.isEmpty()) {
        System.err.println("User John doesn't have a permission list");
    } else {
        // Only reached when the list is non-null, so the loop cannot throw a NullPointerException
        for (Permission per : permissionsList) {
            System.out.println("User John permitted: " + per.getOperation() + " on " + per.getResource());
        }
    }

This is the output:

    11:38:07,102 ERROR [stderr] (ServerService Thread Pool -- 110) User John doesn't have a permission list

Is there any API to resolve this?

Remi Guan
A. Shaheen
  • I could be wrong, but I assumed `listPermissions(resource)` would return you a list of assignees with permissions **to** the specified resource (the user "john" in your case), not which permissions that resource has to other resources; – fspinnenhirn Jan 04 '16 at 22:30
  • Thanks for the reply @greenSocksRock, actually I've switched back to Apache Shiro, but why not, let me try to give your solution a test. – A. Shaheen Jan 20 '16 at 20:29
  • If you're still evaluating different security frameworks and need a rich API to retrieve permissions or secured objects, take a look at the open-source [OACC framework](http://oaccframework.org/api-overview.html). A description of how it compares to other security frameworks was just published on [DZone](https://dzone.com/articles/a-different-kind-of-java-security-framework). _(disclosure: I'm co-author and maintainer)_ – fspinnenhirn Jan 21 '16 at 18:41
  • OK Thanks I'll have a look. – A. Shaheen Jan 23 '16 at 10:16
  • Hi, I have a question regarding the OACC framework: does it support clustered deployment? – A. Shaheen Feb 03 '16 at 13:12
  • Thanks for checking OACC out! _OACC doesn't come with any explicit clustering support._ Independently from your application, OACC uses an RDBMS of your choice as its data store; so in that sense, you can use it in an _otherwise clustered_ environment. If you want the OACC database itself to be clustered, you're dependent on whatever clustering solution you employ and will need to determine if OACC will work in that case or what changes you'd need to make. Let me know if you have any further questions, on the [OACC google group](https://groups.google.com/forum/#!forum/oacc-users). – fspinnenhirn Feb 03 '16 at 19:50
  • Thanks @greenSocksRock, sure, I'll post my questions there if any. – A. Shaheen Feb 04 '16 at 06:05

1 Answer

The PicketLink online reference says:

"For example, let's say that we have a role which gives read access to a file. If you grant this role to users they are going to inherit all privileges/permissions from the role they were granted."

However, if you call `permissionManager.listPermissions(user)` directly, this method doesn't give you the permissions inherited from its roles.

You need to call `identity.hasPermission("ticket", "read")` for it to work (`identity` is the instance of the current user, and it can be obtained by injecting `@Inject Identity identity;`). In this case the current user will inherit all privileges based on its roles.

johnnyRose
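
One way to see which grants on a resource reach a user through roles and groups, added here as an example that is not part of the original answer or of PicketLink itself: it lists the permissions on the resource and keeps those whose assignee is the user, a role the user holds, or a group the user belongs to. The class `EffectivePermissions` and its methods are hypothetical; it assumes the PicketLink basic model (`BasicModel.hasRole`, `BasicModel.isMember`) and that `listPermissions` is keyed by the resource, as the first comment on the question suggests.

```java
import static org.picketlink.idm.model.basic.BasicModel.hasRole;
import static org.picketlink.idm.model.basic.BasicModel.isMember;

import java.util.ArrayList;
import java.util.List;

import org.picketlink.idm.PermissionManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.basic.Group;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.idm.model.basic.User;
import org.picketlink.idm.permission.Permission;

// Hypothetical helper, not part of PicketLink.
public final class EffectivePermissions {

    private EffectivePermissions() {}

    /** Grants on {@code resource} that apply to {@code user} directly or via a role or group. */
    public static List<Permission> forUser(PermissionManager permissionManager,
                                           RelationshipManager relationshipManager,
                                           User user, Object resource) {
        List<Permission> effective = new ArrayList<>();
        // Assumption: listPermissions(resource) returns every grant made ON the resource.
        List<Permission> onResource = permissionManager.listPermissions(resource);
        if (onResource == null) {
            return effective;
        }
        for (Permission permission : onResource) {
            if (appliesTo(relationshipManager, user, permission.getAssignee())) {
                effective.add(permission);
            }
        }
        return effective;
    }

    // True when the assignee is the user, a role granted to the user, or a group the user is in.
    private static boolean appliesTo(RelationshipManager rm, User user, IdentityType assignee) {
        if (assignee == null) return false;
        if (assignee.getId() != null && assignee.getId().equals(user.getId())) return true;
        if (assignee instanceof Role) return hasRole(rm, user, (Role) assignee);
        if (assignee instanceof Group) return isMember(rm, user, (Group) assignee);
        return false;
    }
}
```

With the question's setup it would be called as `EffectivePermissions.forUser(permissionManager, relationshipManager, john, "ticket")`; group roles granted with `grantGroupRole` are not considered by this helper.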