shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Young <bobbot...@gmail.com>
Subject Re: shiro.ini role "or" matching
Date Tue, 06 Jun 2017 18:16:24 GMT
Hey Brian!

The example was a bit of a simple example.  I've decided to bite the bullet
and create a roles to permissions mapping in my application, to be honest
it is probably for the best in the long term.

I had been delaying this issue, but honestly some application code is
looking a lot saner now that I've bit the bullet.

Thanks!
Rob

On Mon, Jun 5, 2017 at 11:01 AM, Brian Demers <brian.demers@gmail.com>
wrote:

> There is a related issue open: https://issues.apache.
> org/jira/browse/SHIRO-314
> Take a look at that one if you want to comment/add anything.
>
> Though the way I typically recommend solving this type of problem is with
> permissions.
>
> In this case say we define a 'staff:read' and assign it do your path:
> /staff/** = perms["staff:read"]
>
> Then you could add this permission to your roles
> staff = staff:read
> qa = staff:*
> admin = *
>
> Any of these roles would be allowed access to your /staff/** resources
>
> see: https://shiro.apache.org/web.html#web-ini-configuration
>
>
> Does that help?
> -Brian
>
>
> On Sun, Jun 4, 2017 at 8:49 AM, Rob Young <bobbotron@gmail.com> wrote:
>
>> Hi there,
>>
>> In the web section of shiro.ini, I'd love to be able to do something like:
>>
>> /staff/** = roles[staff] OR roles[qa]
>>
>> I realize this isn't really the shiro way of doing things but it would
>> sure be handy for some features I'm working on.  Is there a way to do this
>> in the shiro.ini DSL?
>>
>> Thanks,
>> Rob
>>
>
>

Mime
View raw message