shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lenny Primak <lpri...@hope.nyc.ny.us>
Subject Re: How to find out it a URL is authorized?
Date Sun, 22 Jan 2012 22:05:42 GMT
Let me try to clear things up a bit.
I do have a completely working Shiro-based authentication / authorization system.
It works fantastic.  What I need is to check whether a particular URL is authorized, not 
whether a user is authorized within a role.
Thank you!

On Jan 22, 2012, at 4:45 PM, jeffp wrote:

> You probably want to implement a typical RBAC type model and map your Users
> to Roles and Roles to Permissions.
> 
> Then in your custom Realm implementation override
> doGetAuthorizationInfo(...), resolve the Roles/Permissions for the current
> user and return to Shiro.  
> 
> 		SimpleAuthorizationInfo authInfo = new
> SimpleAuthorizationInfo(acl.getRoles());
> 		authInfo.addStringPermissions(acl.getPermissions());
> 		return authInfo;
> 
> Check out the  http://shiro.apache.org/java-authorization-guide.html
> Authorization Guide  and read up on Permissions as there's where you'll gain
> the capability you want. Permissions can be fairly fine grain.
> 
> In your code you can then do something like this:
> if ( SecurityUtils.getSubject().isPermitted( permission ) ) {
>  // allow something
> }
> 
> The Shiro TagLibs also support the same permissions.
> 
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-find-out-it-a-URL-is-authorized-tp7212711p7214278.html
> Sent from the Shiro User mailing list archive at Nabble.com.
> 


Mime
View raw message