Reputation: 55
I am using Apache Shiro for Authentication/Authorization. I am good with the Authentication part using signed JWT. But, as for the auth part I am facing a NULL pointer exception on when accessing the object. Please guide me where I am mistaken...
This class implements RolePermissionResolver from Apache shiro, and whenever a request is fired it needs to pass through the overriden function if the REST request is annotated with @RequiresPermissions() or @RequiresRoles()
@ApplicationScoped
@Default
public class JpaRolePermissionResolver implements RolePermissionResolver {
@Inject
PermissionRoles permissionRoles;
@Override
public Collection<Permission> resolvePermissionsInRole(String roleString) {
/*PermissionRoles permissionRoles = new PermissionRoles();
permissionRoles.getAllPermissionsForRole();*/
permissionRoles.getAllPermissionsForRole();
if(roleString.equals("adminplus")) {
return List.of(new WildcardPermission("canupdate:read"));
} else if(roleString.equals("mod")) {
return List.of(
new WildcardPermission("troopers:read"),
new WildcardPermission("troopers:create"),
new WildcardPermission("troopers:update")
//, ... but not delete.
);
} else if(roleString.equals("user")) {
return List.of(new WildcardPermission("troopers:read"));
}
return List.of();
}
}
public interface IRolePermission extends Serializable {
HashMap<String, PermissionRoles> getAllPermissionsForRole();
}
@Stateless
@LocalBean
public class PermissionRoles implements IRolePermission {
@PersistenceContext(unitName = "default")
EntityManager em;
private String role;
private String permission;
public PermissionRoles() {
}
public PermissionRoles(String role, String permission) {
this.role = role;
this.permission = permission;
}
public String getRole() {
return role;
}
public void setRole(String role) {
this.role = role;
}
public String getPermission() {
return permission;
}
public void setPermission(String permission) {
this.permission = permission;
}
@Override
public HashMap<String, PermissionRoles> getAllPermissionsForRole() {
String sqlQuery = "SELECT er.name as role_name, ARRAY_TO_STRING(ARRAY_AGG(ep.name), ',') as permission_name " +
"FROM ecommerce_roles er " +
"JOIN ecommerce_role_permission erp ON er.id = erp.role_id " +
"JOIN ecommerce_permissions ep ON ep.id = erp.permission_id " +
"WHERE er.status = 1 AND ep.status = 1 " +
"GROUP BY role_name";
Query query = em.createNativeQuery(sqlQuery);
List<Object[]> rolesPermission = query.getResultList();
System.out.println(sqlQuery);
HashMap<String, PermissionRoles> permissionRoles = new HashMap<>();
for(Object[] object : rolesPermission) {
permissionRoles.put((String) object[0],new PermissionRoles((String) object[0], (String) object[1]));
}
return permissionRoles;
}
}
@Inject
PermissionRoles permissionRoles;
@GET
@Produces("text/plain")
@RequiresPermissions("canupdate:read")
public String hello() {
permissionRoles.getAllPermissionsForRole();
return "User resource";
}
Knowing that when calling permissionRoles.getAllPermissionsForRole(); in the REST Request i.e. the hello function is working properly, but not in JpaRolePermissionResolver, any idea why ? please help !
Upvotes: 0
Views: 60