Brian Demers commented on SHIRO-392:

I'm adding a (generic) JAX-RS module based 
[silb/shiro-jersey|https://github.com/silb/shiro-jersey] (after chatting with 
the author)

The one thing it lacks from the original is the subject injection {{@Auth}} 
annotation, as this varies based on the implementation (Jeresy, RestEasy, Apach 
*NOTE:* I started going down the path of creating optional dependencies on the 
three major JAX-RS implementations, but I think supporting them directly at 
this point is outside the scope of the project, and could be a non-issue if the 
developer is already using dependency injection.

> Shiro Extension for JAX-RS
> --------------------------
>                 Key: SHIRO-392
>                 URL: https://issues.apache.org/jira/browse/SHIRO-392
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Jan Stamer
> We've added an extension to Shiro which enables Shiro annotations in the 
> JAX-RS implementation Sun Jersey.
> You can do the following with it:
> @Path("/changelog")
> @RequiresPermissions("repository:read")
> public class ChangelogResourceImpl {
>    @POST
>    @Consumes(MediaType.APPLICATION_JSON)
>    @Path("/addObject")
>    @Override
>    @RequiresPermissions("repository:write")
>    public Response addObject(ObjectJson objectJson) {
>       someService.addObject(object);
>       return Response.ok().build();
>    }
> }
> If the user is not authenticated Http Status Code 401 is returned. If the 
> user has insufficient privileges Status Code 403 is returned.
> Right now we've only added support for the annoation @RequiresPermissions. 
> The other Shiro annoations could easily be added in the same fashion. Yet 
> currently that's the only one we need.

This message was sent by Atlassian JIRA

Reply via email to