shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: HTTP method-dependent Basic authentication
Date Fri, 15 Oct 2010 18:42:16 GMT
Ah, I understand now - sorry for my misinterpretation.

But I wonder if this isn't better handled some other way - like in the
request matching logic that determines which filter chain to execute.
If it is done via request matching, we don't need to duplicate this
Method-based behavior across all filters that might need it.

For example:

/rest/**,GET = anon, foo, bar
/rest/**,POST = authcBasic, perms[blah]

or even more robust, to allow for other matching criteria later (e.g.
header values?)

rest/**[method:GET,blah:x] = anon, foo, bar

This feels a little more robust to me than perhaps duplicating this
stuff across the HttpMethodPermissionFilter or Authc filters...

Thoughts?

Les

Mime
View raw message