In shiro.ini
I declare the following SQL-queries:
jdbcRealm.authenticationQuery = SELECT password FROM Person WHERE email = ?
jdbcRealm.userRolesQuery = SELECT id FROM SecurityRole WHERE id = (SELECT securityRole_id FROM Person WHERE email = ?)
jdbcRealm.permissionsQuery = SELECT action FROM SecurityPermission WHERE id = (SELECT permissions_id FROM securityrole_securitypermission WHERE securityrole_id = ?)
When I replace the ?
in the last query with 1
an run it on the db it returns the expected result: rest:*
But SecurityUtils.getSubject().isPermitted(new WildcardPermission("rest"));
will return false
although the logged in user has an assigned role with id = 1, securityrole_securitypermission
has an entry with ids 1 and 1, and securitypermission
with id 1 has action
= "rest:*".
jdbcRealm.permissionsLookupEnabled = true
did the job. ;)