> For example:
>
> /rest/**,GET = anon, foo, bar
> /rest/**,POST = authcBasic, perms[blah]
>
> or even more robust, to allow for other matching criteria later (e.g.
> header values?)
>
> rest/**[method:GET,blah:x] = anon, foo, bar
>
> This feels a little more robust to me than perhaps duplicating this
> stuff across the HttpMethodPermissionFilter or Authc filters...
>
> Thoughts?
I agree that whether a filter should apply to a particular HTTP method
is orthogonal to the filter implementation. Attaching it to the rule
itself does make sense. To my mind, it's simply a question of what
syntax to use.
GET:/rest/** = ...
POST,PUT,DELETE:/rest/** = ...
or
/rest/** = anon, foo, bar -- GET
/rest/** = authcBasic, perms[user] -- POST,PUT,DELETE
All sorts of options available.
Peter
