shiro-user mailing list archives

From Tauren Mills <yowza...@gmail.com>
Subject Re: Integration with RESTful framework
Date Wed, 20 Jan 2010 21:11:45 GMT
Hi Brian,

Thanks for your response.  I'm getting back to this after dealing with other
higher priority stuff first.

Your approach sounds perfect.  I'm using a permissions based model as well,
so mapping GET to read, etc. will work well.

I'm glad to hear you will share your code with Shiro and look forward to it
being integrated.  However, I'm unable to view it because the link that you
posted in the other thread requires authentication.  How can I gain access
to it?
https://svn.sonatype.org/spice/trunk/plexus-security/security-system/src/main/java/org/sonatype/security/web/filter/authz/HttpVerbMappingAuthorizationFilter.java

Also, I have a few questions for you regarding your implementation.  How
does your system know which user is requesting a REST resource?  Does a user
login, receive a shiro cookie, and then hit a RESTful url, and that cookie
is used to know which user it is?  Or are you doing something else?

Thanks,
Tauren




On Wed, Dec 2, 2009 at 10:52 AM, Brian Demers <brian.demers@gmail.com> wrote:

> For Nexus what we did is we mapped the request method to a permission, so
> GET == read.
> so the permission looks something like: something:read.
>
> There is a similar post in the archive:
>
> http://markmail.org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Authorization%20Rules+page:1+mid:phoffgneifvd4l7p+state:results
>
>
>
> On Wed, Dec 2, 2009 at 12:44 PM, lev <dilraj.singh@amdocs.com> wrote:
>
>>
>> Hi Tauren,
>>
>> I am also doing the same thing. If you can be in contact with me it will
>> be great; we can help each other think it out.
>>
>> Regards,
>>
>>
>> Tauren Mills-3 wrote:
>> >
>> > I have an application built with spring, hibernate, shiro, wicket, and
>> > jquery. I'm looking to add a RESTful framework to the mix, such as jersey
>> > or restlet.
>> >
>> > Although the main UI is built and managed using Wicket, there will be
>> > several jQuery components embedded in the UI that need to send and receive
>> > JSON data via RESTful web services.  These same web services will also be
>> > used by iPhone and Android applications, as well as other potential
>> > clients.
>> >
>> > When a user logs into my application, they are authenticated by shiro and
>> > get a cookie.  This cookie is used to identify them for all future
>> > requests so that the application knows what features and data they are
>> > authorized to see.  Most users use the remember me feature and rarely have
>> > to log in again.
>> >
>> > My hope is that the RESTful service will automatically use that same
>> > authentication cookie so that the web services only serve appropriate data
>> > for that user.  Also, the plan is for the mobile apps (iphone/android) to
>> > have a UI for username/password and that it will then authenticate via a
>> > web service call and get a cookie to use on subsequent requests as well.
>> >
>> > I'm hoping someone can confirm that this approach will work, or advise me
>> > on other approaches before I move forward.
>> >
>> > Thanks!
>> > Tauren
>> >
>> >
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/Integration-with-RESTful-framework-tp4082288p4101151.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
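
The verb-to-permission mapping discussed in this thread ("GET == read", giving a permission such as something:read), as an added example that is not part of the original messages and is not the Nexus or Shiro code. Only the GET mapping comes from the thread; the other verb mappings, the class and method names, and the simplified permission check are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class HttpVerbPermissionDemo {
    // Only GET -> read comes from the thread; the other verb mappings are assumptions.
    static final Map<String, String> VERB_TO_ACTION = Map.of(
            "GET", "read",
            "HEAD", "read",
            "POST", "create",
            "PUT", "update",
            "DELETE", "delete");

    /** Returns e.g. "something:read", or null when the verb has no mapping. */
    static String requiredPermission(String resource, String httpMethod) {
        if (resource == null || httpMethod == null) {
            return null;
        }
        String action = VERB_TO_ACTION.get(httpMethod.toUpperCase(Locale.ROOT));
        return action == null ? null : resource + ":" + action;
    }

    /**
     * Simplified check: exact match or "resource:*". A stand-in (assumption)
     * for the permission check a security framework would perform.
     */
    static boolean isAllowed(Set<String> granted, String resource, String httpMethod) {
        String needed = requiredPermission(resource, httpMethod);
        if (needed == null) {
            return false; // unmapped verb: deny rather than fall through
        }
        return granted.contains(needed) || granted.contains(resource + ":*");
    }

    public static void main(String[] args) {
        Set<String> reader = Set.of("something:read"); // constructed sample user
        Set<String> admin = Set.of("something:*");     // constructed sample user
        System.out.println("reader GET    -> " + isAllowed(reader, "something", "GET"));
        System.out.println("reader DELETE -> " + isAllowed(reader, "something", "DELETE"));
        System.out.println("reader TRACE  -> " + isAllowed(reader, "something", "TRACE"));
        System.out.println("admin  put    -> " + isAllowed(admin, "something", "put"));
    }
}
```

Verbs with no entry in the map are refused outright, so a method nobody thought about when writing the mapping cannot reach a resource without a permission check.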
