GithubHelp home page GithubHelp logo

deluan / shiro-faces Goto Github PK

View Code? Open in Web Editor NEW
29.0 8.0 28.0 161 KB

JSF 2 TagLib for Apache Shiro. This taglib reimplements all original JSP tags as their Facelets equivalent, so they can be used in JSF projects.

Home Page: https://deluan.github.io/shiro-faces/

License: Apache License 2.0

Java 100.00%

shiro-faces's Introduction

To use it in your maven project, add the following repository to your pom.xml:

    <repositories>
            <repository>
                <snapshots>
                    <enabled>false</enabled>
                </snapshots>
                <id>bintray-deluan-maven</id>
                <name>bintray</name>
                <url>http://dl.bintray.com/deluan/maven</url>
            </repository>
    </repositories>

And add the jar dependency:

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-faces</artifactId>
        <version>2.0</version>
    </dependency>

shiro-faces's People

Contributors

deluan avatar

Stargazers

harp07 avatar Daniel Hernández avatar geray avatar avatar Arthur Gregório avatar Cory Krol avatar Phellipe Ribeiro avatar Eduardo Flores avatar 丁南根 avatar Nevzat Akkaya avatar Thaylon Guedes Santos avatar avatar Kenneth Bove avatar marsyang1 avatar Claudemiro A F Neto avatar LiYaFeng avatar Thiago Santos avatar Matthias Lohr avatar avatar Ellison avatar John Yeary avatar Fabrício Massula avatar Jhony Alceu Pereira avatar Jeff Skjonsby avatar Chin Huang avatar avatar Daniel K Lyons avatar Vanildo Vanni avatar Jordan avatar

Watchers

LiYaFeng avatar John Yeary avatar Daniel O'Leary avatar avatar James Cloos avatar ren avatar skychen avatar avatar

Forkers

bodyjar quasarz centonni wkq361138880 cnopens slhrkc jyeary jesusarenasm rafasordi asmama hamzaouekdi marcelomrwin thaylongs vi08111984 dingnangen the-sloth-dev wms82hm natros daniloandrade maubass2891 ilias500 raupachz vijayeluri skychen1900 jdhwpgmbca rourke101

shiro-faces's Issues

Official support?

Hi there,

have you tried contacting the committers of Apache Shiro? It would be a nice add to the official repo.

I am also using JavaServer Faces and Shiro and played around with implementing some custom components. Glad you already did the work. Just found you on accident.

JSP are deprecated, this is the way to go.

XSS vulnerable

<shiro:principal property="name"/> suffers from XSS. Is it possible to enable some sort of "escape='true'" like in JSF?

Composite component woes

This looked like a reasonable way to implement a login/logout link:

  <shiro:guest>
    Welcome, guest! <h:link outcome="pretty:login" value="Login"/>
  </shiro:guest>
  <shiro:authenticated>
    Welcome back, <shiro:principal/>! 
    <h:commandLink value="Logout" action="#{authenticationUI.logout}"/>
  </shiro:authenticated>

This works perfectly in an ordinary Facelets page. But if I move it into a composite component, it works fine except the <shiro:principal/> tag displays the empty string.

Thanks!

<shiro:hasPermission> breaks action attribute of nested component

I have this code in the UI:

<shiro:hasPermission name="course:delete:#{courseUI.course.id}">
  <h:form>
    <h:commandButton 
      value="Delete #{courseUI.shortCode}" 
      action="#{courseUI.delete}"/>
  </h:form>
</shiro:hasPermission>

When the button is rendered, clicking it causes a page reload, but nothing happens in the backend--my delete method is never invoked. Swapping the order of <h:form> and <shiro:hasPermission> has no effect on the problem.

Switching to this implementation does work, however:

<h:form>
  <h:commandButton 
    value="Delete #{courseUI.shortCode}" 
    action="#{courseUI.delete}"
    rendered="#{courseUI.canDelete}"/>
</h:form>

Going against this backend:

public String delete() {
  SecurityUtils.getSubject().checkPermission("course:delete:" + course.getId());
  user.removeCourse(course);
  return "pretty:home";
}

public boolean getCanDelete() {
  return SecurityUtils.getSubject().isPermitted("course:delete:" + course.getId());
}

So it suggests that the <shiro:hasPermission> tag is somehow interfering with the action method of the nested <h:commandButton>.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.