Mailing-List: contact shiro-user-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: shiro-user@incubator.apache.org
Received-SPF: pass (athena.apache.org: domain of yowzator@gmail.com designates
 209.85.160.41 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=CcWZNr1JaXUWQtA3fkpcaK7fLTn3383ztXqTAljbQoO2AHYSHvVRchngLliU52NCaf
         v2HzG8SV4HO7g8ccgl4wEOYp/HXCtIYppE+0mOHgH7RDPl+mAeNgL0cCbZNdd88m+Fw6
         VYeQ1EuhPx1n+AAVLa7F32Y9tJyM6QUxIE73k=
MIME-Version: 1.0
In-Reply-To: <de2e68330912021052i4e2b495ekc6fc37a394e188b5@mail.gmail.com>
References: <95773c800911290140m669dc1dbt11fc46f429e5a305@mail.gmail.com>
	 <1259775887625-4101151.post@n2.nabble.com>
	 <de2e68330912021052i4e2b495ekc6fc37a394e188b5@mail.gmail.com>
Date: Wed, 20 Jan 2010 13:11:45 -0800
Message-ID: <95773c801001201311j75fd38f0mf2bd4ec709189d17@mail.gmail.com>
Subject: Re: Integration with RESTful framework
From: Tauren Mills <yowzator@gmail.com>
To: shiro-user@incubator.apache.org
Content-Type: multipart/alternative; boundary=00504502acada949de047d9f08c7

--00504502acada949de047d9f08c7
Content-Type: text/plain; charset=ISO-8859-1

Hi Brian,

Thanks for your response.  I'm getting back to this after dealing with other
higher priority stuff first.

Your approach sounds perfect.  I'm using a permissions based model as well,
so mapping GET to read, etc. will work well.

I'm glad to hear you will share your code with Shiro and look forward to it
being integrated.  However, I'm unable to view it because the link that you
posted in the other thread requires authentication.  How can I gain access
to it?
https://svn.sonatype.org/spice/trunk/plexus-security/security-system/src/main/java/org/sonatype/security/web/filter/authz/HttpVerbMappingAuthorizationFilter.java

Also, I have a few questions for you regarding your implementation.  How
does your system know which user is requesting a REST resource?  Does a user
login, receive a shiro cookie, and then hit a RESTful url, and that cookie
is used to know which user it is?  Or are you doing something else?

Thanks,
Tauren


On Wed, Dec 2, 2009 at 10:52 AM, Brian Demers <brian.demers@gmail.com>wrote:

> For Nexus what we did is we mapped the request method to a permission, so
> GET == read.
> so the permission looks something like: something:read.
>
> There is a similar post in the archive:
>
> http://markmail.org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Authorization%20Rules+page:1+mid:phoffgneifvd4l7p+state:results
>
>
>
> On Wed, Dec 2, 2009 at 12:44 PM, lev <dilraj.singh@amdocs.com> wrote:
>
>>
>> Hi Tauren,
>>
>> I am also doing same thing, if you can be in my contact it will be great,
>> we
>> can help each other htink it out.
>>
>> Regards,
>>
>>
>> Tauren Mills-3 wrote:
>> >
>> > I have an application built with spring, hibernate, shiro, wicket, and
>> > jquery. I'm looking to add a RESTful framework to the mix, such as
>> jersey
>> > or
>> > restlet.
>> >
>> > Although the main UI is built and managed using Wicket, there will be
>> > several jQuery components embedded in the UI that need to send and
>> receive
>> > JSON data via RESTful web services.  These same web services will also
>> be
>> > used by iPhone and Android applications, as well as other potential
>> > clients.
>> >
>> > When a user logs into my application, they are authenticated by shiro
>> and
>> > get a cookie.  This cookie is used to identify them for all future
>> > requests
>> > so that the application knows what features and data they are authorized
>> > to
>> > see.  Most users use the remember me feature and rarely have to log in
>> > again.
>> >
>> > My hope is that the RESTful service will automatically use that same
>> > authentication cookie so that the web services only serve appropriate
>> data
>> > for that user.  Also, the plan is for the mobile apps (iphone/android)
>> to
>> > have a UI for username/password and that it will then authenticate via a
>> > web
>> > service call and get a cookie to use on subsequent requests as well.
>> >
>> > I'm hoping someone can confirm that this approach will work, or advise
>> me
>> > on
>> > other approaches before I move forward.
>> >
>> > Thanks!
>> > Tauren
>> >
>> >
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/Integration-with-RESTful-framework-tp4082288p4101151.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>

--00504502acada949de047d9f08c7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi Brian,<div><br></div><div>Thanks for your response. =A0I&#39;m getting b=
ack to this after dealing with other higher priority stuff first.</div><div=
><br></div><div>Your approach sounds perfect. =A0I&#39;m using a permission=
s based model as well, so mapping GET to read, etc. will work well.</div>
<div><br></div><div>I&#39;m glad to hear you will share your code with Shir=
o and look forward to it being integrated. =A0However,=A0I&#39;m unable to =
view it because the link that you posted in the other thread requires authe=
ntication. =A0How can I gain access to it?</div>
<div><span class=3D"Apple-style-span" style=3D"font-family: Arial, Helvetic=
a, &#39;Luxi Sans&#39;, sans-serif; font-size: 14px; white-space: pre; "><a=
 class=3D"exlink mklink" href=3D"https://svn.sonatype.org/spice/trunk/plexu=
s-security/security-system/src/main/java/org/sonatype/security/web/filter/a=
uthz/HttpVerbMappingAuthorizationFilter.java" rel=3D"nofollow" style=3D"col=
or: rgb(0, 0, 153); text-decoration: underline; cursor: pointer; ">https://=
svn.sonatype.org/spice/trunk/plexus-security/security-system/src/main/java/=
org/sonatype/security/web/filter/authz/HttpVerbMappingAuthorizationFilter.j=
ava</a>
</span></div><div><br></div><div>Also, I have a few questions for you regar=
ding your implementation. =A0How does your system know which user is reques=
ting a REST resource? =A0Does a user login, receive a shiro cookie, and the=
n hit a RESTful url, and that cookie is used to know which user it is? =A0O=
r are you doing something else? =A0</div>
<div><br></div><div>Thanks,<br>Tauren</div><div><br></div><div><br></div><d=
iv><br><br><div class=3D"gmail_quote">On Wed, Dec 2, 2009 at 10:52 AM, Bria=
n Demers <span dir=3D"ltr">&lt;<a href=3D"mailto:brian.demers@gmail.com">br=
ian.demers@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex;">For Nexus what we did is we mapped the requ=
est method to a permission, so GET =3D=3D read.<br>so the permission looks =
something like: something:read.<br>
<br>There is a similar post in the archive: <br><a href=3D"http://markmail.=
org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Authorization=
%20Rules+page:1+mid:phoffgneifvd4l7p+state:results" target=3D"_blank">http:=
//markmail.org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Au=
thorization%20Rules+page:1+mid:phoffgneifvd4l7p+state:results</a><div>
<div></div><div class=3D"h5"><br>
<br><br><div class=3D"gmail_quote">On Wed, Dec 2, 2009 at 12:44 PM, lev <sp=
an dir=3D"ltr">&lt;<a href=3D"mailto:dilraj.singh@amdocs.com" target=3D"_bl=
ank">dilraj.singh@amdocs.com</a>&gt;</span> wrote:<br><blockquote class=3D"=
gmail_quote" style=3D"border-left:1px solid rgb(204, 204, 204);margin:0pt 0=
pt 0pt 0.8ex;padding-left:1ex">

<br>
Hi Tauren,<br>
<br>
I am also doing same thing, if you can be in my contact it will be great, w=
e<br>
can help each other htink it out.<br>
<br>
Regards,<br>
<div><div></div><div><br>
<br>
Tauren Mills-3 wrote:<br>
&gt;<br>
&gt; I have an application built with spring, hibernate, shiro, wicket, and=
<br>
&gt; jquery. I&#39;m looking to add a RESTful framework to the mix, such as=
 jersey<br>
&gt; or<br>
&gt; restlet.<br>
&gt;<br>
&gt; Although the main UI is built and managed using Wicket, there will be<=
br>
&gt; several jQuery components embedded in the UI that need to send and rec=
eive<br>
&gt; JSON data via RESTful web services. =A0These same web services will al=
so be<br>
&gt; used by iPhone and Android applications, as well as other potential<br=
>
&gt; clients.<br>
&gt;<br>
&gt; When a user logs into my application, they are authenticated by shiro =
and<br>
&gt; get a cookie. =A0This cookie is used to identify them for all future<b=
r>
&gt; requests<br>
&gt; so that the application knows what features and data they are authoriz=
ed<br>
&gt; to<br>
&gt; see. =A0Most users use the remember me feature and rarely have to log =
in<br>
&gt; again.<br>
&gt;<br>
&gt; My hope is that the RESTful service will automatically use that same<b=
r>
&gt; authentication cookie so that the web services only serve appropriate =
data<br>
&gt; for that user. =A0Also, the plan is for the mobile apps (iphone/androi=
d) to<br>
&gt; have a UI for username/password and that it will then authenticate via=
 a<br>
&gt; web<br>
&gt; service call and get a cookie to use on subsequent requests as well.<b=
r>
&gt;<br>
&gt; I&#39;m hoping someone can confirm that this approach will work, or ad=
vise me<br>
&gt; on<br>
&gt; other approaches before I move forward.<br>
&gt;<br>
&gt; Thanks!<br>
&gt; Tauren<br>
&gt;<br>
&gt;<br>
<br>
</div></div><font color=3D"#888888">--<br>
View this message in context: <a href=3D"http://n2.nabble.com/Integration-w=
ith-RESTful-framework-tp4082288p4101151.html" target=3D"_blank">http://n2.n=
abble.com/Integration-with-RESTful-framework-tp4082288p4101151.html</a><br>


</font><div><div></div><div>Sent from the Shiro User mailing list archive a=
t Nabble.com.<br>
</div></div></blockquote></div><br>
</div></div></blockquote></div><br></div>

--00504502acada949de047d9f08c7--