Hi Nicolas, I think your approach is sound - a regular expression matcher would certainly work!
Les On Tue, Nov 15, 2011 at 1:34 PM, ngriso <[email protected]> wrote: > Hi, > > For the rest resources I expose in my application, I'd like to have > different permissions based on the id of the resource. > > Example: > for the resource /store/books/123: > * user1 can update it (i.e run the request PUT /store/books/123 with > success) > * user2 cannot (i.e get a 403 when running PUT /store/books/123) > > First, I try to use HttpMethodPermissionFilter. > But with it, I don't have access to the id of the resource. > If my ini configuration is: > /store/books/** rest[books] > I only get permissions like books:read or books:update. > But what I'd like is: books:read:123 > > So I was thinking to use regex to extract the part of the url I'm interessed > in. > Example with this configuration: > /store/books/(.*) rest[books] > The filter could extract the group(s) defined in the url, and add them to > the permission. > > What do you think? > Do you see another solution to do that? > > Thanks for your help > Nicolas > > PS: I already write the code to do this. The only difficult part is that the > PatternMatcher we want to use (here RegExPatternMatcher) is not easily > injectable into the different filter or chain resolver. If asked I'll start > another thread about this > > -- > View this message in context: > http://shiro-developer.582600.n2.nabble.com/Rest-resource-authorisation-tp6998028p6998028.html > Sent from the Shiro Developer mailing list archive at Nabble.com.
