shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <>
Subject [jira] [Commented] (SHIRO-392) Shiro Extension for JAX-RS
Date Fri, 14 Oct 2016 14:37:20 GMT


Brian Demers commented on SHIRO-392:

I'm adding a (generic) JAX-RS module based [silb/shiro-jersey|]
(after chatting with the author)

The one thing it lacks from the original is the subject injection {{@Auth}} annotation, as
this varies based on the implementation (Jeresy, RestEasy, Apach CXF).
*NOTE:* I started going down the path of creating optional dependencies on the three major
JAX-RS implementations, but I think supporting them directly at this point is outside the
scope of the project, and could be a non-issue if the developer is already using dependency

> Shiro Extension for JAX-RS
> --------------------------
>                 Key: SHIRO-392
>                 URL:
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Jan Stamer
> We've added an extension to Shiro which enables Shiro annotations in the JAX-RS implementation
Sun Jersey.
> You can do the following with it:
> @Path("/changelog")
> @RequiresPermissions("repository:read")
> public class ChangelogResourceImpl {
>    @POST
>    @Consumes(MediaType.APPLICATION_JSON)
>    @Path("/addObject")
>    @Override
>    @RequiresPermissions("repository:write")
>    public Response addObject(ObjectJson objectJson) {
>       someService.addObject(object);
>       return Response.ok().build();
>    }
> }
> If the user is not authenticated Http Status Code 401 is returned. If the user has insufficient
privileges Status Code 403 is returned.
> Right now we've only added support for the annoation @RequiresPermissions. The other
Shiro annoations could easily be added in the same fashion. Yet currently that's the only
one we need.

This message was sent by Atlassian JIRA

View raw message