> See org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter Just to double-check, all I have to do is treat the 'mappedValue' argument of isAccessAllowed() as the configuration options? In other words, with
[urls]
/plugin/** = authcBasic[POST,PUT,DELETE]
I can add
public isAccessAllowed(ServletRequest request, ServletResponse
response, Object mappedValue) throws IOException {
String[] httpMethods = (String[]) mappedValue;
...
Correct?
Thanks,
Peter
