da1474acd0a8f94bc1294a72a805433eaed2e5a3
wiki/usermanagement.md
| ... | ... | @@ -87,19 +87,20 @@ securityManager.cacheManager = $cacheManager |
| 87 | 87 | In addition to URL-based security that is configured in `shiro.ini`, using bundles can do two more things: |
| 88 | 88 | |
| 89 | 89 | * Use `SecurityUtils.getSubject()` in server-side code to obtain the current subject on whose behalf the call is being executed. This allows the application to check for roles and permissions, as in |
| 90 | - |
|
| 90 | +<pre> |
|
| 91 | 91 | if (SecurityUtils.getSubject().checkRole("some-role")) { |
| 92 | 92 | ... // do something for which the subject must have role "some-role" |
| 93 | 93 | } else { |
| 94 | 94 | ... // throw some security exception or simply don't carry out the transaction |
| 95 | 95 | } |
| 96 | +</pre> |
|
| 96 | 97 | |
| 97 | 98 | * Use the `SecurityService` API to store and retrieve data such as preferences or settings and work with the user base, including creating, modifying and deleting user accounts and manipulating their roles. The `SecurityService` registers itself with the OSGi registry upon bundle activation. |
| 98 | - |
|
| 99 | +<pre> |
|
| 99 | 100 | ServiceTracker<SecurityService, SecurityService> tracker = new ServiceTracker<>(context, SecurityService.class, /* customizer */ null); |
| 100 | 101 | tracker.open(); |
| 101 | 102 | SecurityService securityService = tracker.waitForService(0); |
| 102 | - |
|
| 103 | +</pre> |
|
| 103 | 104 | The security service offers methods such as `addSetting`, `setSetting` and `getSetting` to manage name/value pairs. The settings API is typed in the sense that when registering a setting |
| 104 | 105 | |
| 105 | 106 | #### com.sap.sse.security.userstore.mongodb |