Cool! I wish I had done something like this a couple of years ago.
On Thu, Aug 15, 2013 at 5:49 PM, saadmufti <[email protected]> wrote:
> Hi,
>
> I have written a new shiro filter HttpMethodAndPathPermissionFilter that
> extends HttpMethodPermissionFilter. What this allows for is dynamic
> construction of permissions based on the path components or the URL path in
> a REST API request, in addition to the HTTP method as the current "rest"
> filter does. For example, if you have the following:
>
> [main]
> .
> .
> .
> rest_path = com.aol.advertising.cl.shiro.HttpMethodAndPathPermissionFilter
>
> [urls]
> /v1/** = ssl, noSessionCreation, authcBasic, rest_path[$2:$3]
>
> then a call to GET /v1/collection/ibm
>
> requires the permission collection:ibm:read
>
> and a call to PUT /v1/selection/xerox/
>
> requires the permission selection:xerox:update
>
> This is most useful when a part of the path refers to some variable like
> client id or something that is not predictable enough to configure
> explicitly in advance.
>
> I have kept it as a separate filter rather than just enhancing the existing
> HttpMethodPermissionFilter because the cost of expanding the $1 and $2 etc
> should only be paid where required.
>
> It seems to be working perfectly fine for us, would there be any interest
> in accepting this for inclusion in the shiro core?
>
> Thanks.
>
> ------------
> Saad Mufti
>
> --
> View this message in context:
> http://shiro-developer.582600.n2.nabble.com/New-Filter-Proposal-tp7578113.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.
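
The placeholder expansion described in the quoted proposal, sketched as an added example that is not code from this thread or from Shiro. The class and method names are hypothetical, the POST and DELETE mappings are assumed, and denying requests with missing segments or with characters that have meaning in a permission string (`:`, `,`, `*`) is a hardening assumption, not something the message states.

```java
import java.util.*;
import java.util.regex.*;

public class PathPermissionExample {
    // GET and PUT mappings are the ones shown in the message; POST and DELETE are assumed.
    private static final Map<String, String> ACTIONS =
        Map.of("GET", "read", "POST", "create", "PUT", "update", "DELETE", "delete");
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$(\\d{1,2})");
    // Assumed hardening: only characters with no meaning in a permission string,
    // so ':' ',' '*' and '%' (still-encoded input) never reach the permission.
    private static final Pattern SAFE_SEGMENT = Pattern.compile("[A-Za-z0-9._-]+");

    /** Returns the permission to check, or empty when the request must be denied. */
    static Optional<String> resolve(String template, String method, String path) {
        String action = ACTIONS.get(method.toUpperCase(Locale.ROOT));
        if (action == null) return Optional.empty();
        // "/v1/selection/xerox/" -> [v1, selection, xerox]; $1 is the first segment.
        List<String> segments = new ArrayList<>();
        for (String s : path.split("/")) {
            if (!s.isEmpty()) segments.add(s);
        }
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            int idx = Integer.parseInt(m.group(1));
            // Fail closed when the path is shorter than the template expects.
            if (idx < 1 || idx > segments.size()) return Optional.empty();
            String seg = segments.get(idx - 1);
            if (!SAFE_SEGMENT.matcher(seg).matches()) return Optional.empty();
            m.appendReplacement(out, Matcher.quoteReplacement(seg));
        }
        m.appendTail(out);
        return Optional.of(out + ":" + action);
    }

    public static void main(String[] args) {
        // Constructed sample requests; the first two are the ones from the message.
        System.out.println(resolve("$2:$3", "GET", "/v1/collection/ibm"));
        System.out.println(resolve("$2:$3", "PUT", "/v1/selection/xerox/"));
        System.out.println(resolve("$2:$3", "GET", "/v1/collection"));
        System.out.println(resolve("$2:$3", "GET", "/v1/collection/*"));
    }
}
```

An empty result is meant to be treated as access denied before any permission check runs, so a short or malformed path can never resolve to a broader permission than the template intended.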
