shiro-dev mailing list archives

From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Rest resource authorisation
Date Wed, 16 Nov 2011 18:54:39 GMT

Hi Nicolas,

I think your approach is sound - a regular expression matcher would
certainly work!

Les

On Tue, Nov 15, 2011 at 1:34 PM, ngriso <nicolas.griso@gmail.com> wrote:
> Hi,
>
> For the rest resources I expose in my application, I'd like to have
> different permissions based on the id of the resource.
>
> Example:
> for the resource /store/books/123:
> * user1 can update it (i.e. run the request PUT /store/books/123 with
> success)
> * user2 cannot (i.e. get a 403 when running PUT /store/books/123)
>
> First, I tried to use HttpMethodPermissionFilter.
> But with it, I don't have access to the id of the resource.
> If my ini configuration is:
> /store/books/**   rest[books]
> I only get permissions like books:read or books:update.
> But what I'd like is: books:read:123
>
> So I was thinking of using regex to extract the part of the url I'm interested
> in.
> Example with this configuration:
> /store/books/(.*)    rest[books]
> The filter could extract the group(s) defined in the url, and add them to
> the permission.
>
> What do you think?
> Do you see another solution to do that?
>
> Thanks for your help
> Nicolas
>
> PS: I already wrote the code to do this. The only difficult part is that the
> PatternMatcher we want to use (here RegExPatternMatcher) is not easily
> injectable into the different filter or chain resolver. If asked I'll start
> another thread about this.
>
> --
> View this message in context: http://shiro-developer.582600.n2.nabble.com/Rest-resource-authorisation-tp6998028p6998028.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.
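
The idea discussed in this thread, as an added example that is not code from either poster or from Shiro: a helper that derives a permission such as books:update:123 from the HTTP method and URL. The class name, the id pattern and the delete mapping are assumptions; the capture is stricter than `(.*)` because Shiro's WildcardPermission gives `:`, `,` and `*` special meaning, and a request that does not match builds no permission at all.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper, not part of Shiro: builds "<resource>:<action>:<id>".
public class ResourceIdPermissionBuilder {
    // Strict capture instead of (.*): exactly one path segment, no '/', and
    // none of the characters WildcardPermission treats specially (':' ',' '*').
    private static final Pattern BOOK =
            Pattern.compile("^/store/books/([A-Za-z0-9_-]{1,64})$");

    // HTTP method -> action. "read" and "update" appear in the thread;
    // "delete" is an assumed mapping for this example.
    private static final Map<String, String> ACTIONS =
            Map.of("GET", "read", "PUT", "update", "DELETE", "delete");

    /** Returns the permission to check, or empty when the request must be denied. */
    public static Optional<String> permissionFor(String method, String path, String resource) {
        String action = ACTIONS.get(method.toUpperCase(Locale.ROOT));
        Matcher m = BOOK.matcher(path);
        if (action == null || !m.matches()) {
            return Optional.empty(); // fail closed: unmapped verb or malformed id
        }
        return Optional.of(resource + ":" + action + ":" + m.group(1));
    }

    public static void main(String[] args) {
        // Constructed sample requests, not taken from the thread.
        String[][] samples = {
            {"PUT", "/store/books/123"},          // books:update:123
            {"GET", "/store/books/123"},          // books:read:123
            {"PUT", "/store/books/123/chapters"}, // extra segment: denied
            {"PUT", "/store/books/123:x"},        // would add a permission part: denied
            {"PUT", "/store/books/*"},            // wildcard token as id: denied
            {"PATCH", "/store/books/123"},        // unmapped verb: denied
        };
        for (String[] s : samples) {
            String result = permissionFor(s[0], s[1], "books")
                    .orElse("DENY (no permission built)");
            System.out.println(s[0] + " " + s[1] + " -> " + result);
        }
    }
}
```

In a filter, the returned string would be passed to the subject's permission check, and an empty result would be answered with the 403 described in the message.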
