That's a good question.

I had always thought that a UrlPermission class would make sense,
doing something like this:

new UrlPermission( "/some/path/here", "GET" );

But I wonder if the WildcardPermission could be used in the same way, just
represented slightly differently?  For example:

new WildcardPermission( "/some/path/here:GET" ); or new
WildcardPermission( "/other/path/there:POST" );

I don't know if that would be expressive enough for your requirements,
plus because of the comma-delimited nature of WildcardPermission, if
the URL had a comma in it at all, it would make things more
complicated (requiring escaping or quoting).

It is funny that you bring this up - using Permissions was (and still
is) my preferred way of controlling access to URLs, instead of the
[urls] mapping section that we support in jsecurity.ini or web.xml.
Naturally we have to support the [urls] approach because that's what
most users want, but in my own applications I would prefer to ignore
that entirely and use a UrlPermission concept.

If you're restricting access to URLs, then you really are
_permissioning_ access to those urls.  Permissions make more sense to
me to do this, which can be modified and assigned at runtime, rather
than statically defined mappings in jsecurity.ini or in web.xml.
Doing them in either of these files is essentially defining access
control rules in an environment-specific location.  If I configure
roles and non-URL permissions elsewhere - as I almost always do, such
as in an RDBMS - then I've essentially split my access control
definitions in two places.  That's not consistent or very clean
feeling in my opinion, so I would abandon the [urls] definitions
entirely.  Again, this is my own preference for my applications - most
end-users find the [urls] configuration so convenient that they don't
care.  The good thing is that JSecurity supports either approach,
depending on your preference.

Cheers,

Les


On Wed, Jul 23, 2008 at 6:56 PM, Dain Sundstrom <[EMAIL PROTECTED]> wrote:
> I've read the forum posting and I have a good understanding of how you map
> simple resource permissions, but I'm not sure how you map path-like
> permission checks.  Specifically, how do you map servlet URLs to the
> WildcardPermission or do you have a different permission object for URLs?
>
> The reason I am asking is the code I'm working on now stores the URL and
> HTTP verb separately, and I need to map it to the string that the servlet
> filter is going to check against (this is a custom realm).
>
> -dain
>
> On Jul 23, 2008, at 3:18 PM, Dain Sundstrom wrote:
>
>> That's just me.  I typically read the javadoc and skim the source code
>> (just in case they don't match).  In this case there wasn't any javadoc :)
>>
>> Anyway, I'll let you know how it works out for us, and if I find anything
>> fishy in the impl.
>>
>> Oh, are there any changes for this code in trunk (or in the pipeline) that
>> I should be aware of?
>>
>> -dain
>>
>> On Jul 23, 2008, at 2:10 PM, Les Hazlewood wrote:
>>
>>> That reminds me - Dain, do you have any questions or suggestions about how
>>> WildcardPermission might not meet your needs?  If you're looking into the
>>> guts of this class, that leads me to believe that maybe we could improve
>>> something...
>>>
>>> On Wed, Jul 23, 2008 at 5:09 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
>>>
>>>> Hi Dain,
>>>>
>>>> I don't think Jeremy (our original WildcardPermission author) has migrated
>>>> the following post into the documentation yet, but hopefully this helps a
>>>> bit:
>>>>
>>>> http://www.jsecurity.org/node/1041#comment-155
>>>>
>>>> Jeremy, any chance you could write the JavaDoc for WildcardPermission
>>>> sometime soon?
>>>>
>>>> Cheers,
>>>>
>>>> Les
>>>>
>>>>
>>>> On Wed, Jul 23, 2008 at 5:02 PM, Dain Sundstrom <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> Is there a spec somewhere that explains how the default encoded permission
>>>>> string maps to the construction of a permission object?  I tried to follow
>>>>> the code but got lost trying to follow how the string is split up between
>>>>> permission construction and the WildcardPermission.  I'm also interested in
>>>>> how you escape special characters like comma and colon.
>>>>>
>>>>> Also, is there a spec for WildcardPermission.implied()?
>>>>>
>>>>> -dain
>>>>>
>>>>
>>>>
>>
>
>
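
The comma concern raised in the reply above, as an added example that is not part of the original thread and is not JSecurity code: it builds a "path:VERB" permission string from a separately stored URL path and HTTP verb, and shows what an unescaped comma in the path does to a match. The class name UrlPermissionStrings, the choice of percent-encoding as the escaping scheme, and the parse/implies methods (a simplified model of colon/comma tokenization, not the library's implementation) are all assumptions.

```java
import java.util.*;

// Added illustration; UrlPermissionStrings and all of its methods are hypothetical names.
public class UrlPermissionStrings {
    // Percent-encode the characters the permission string format treats as syntax.
    static String encodePath(String path) {
        StringBuilder sb = new StringBuilder();
        for (char c : path.toCharArray()) {
            if (c == ':' || c == ',' || c == '*' || c == '%') {
                sb.append('%').append(String.format("%02X", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Build "<path>:<VERB>" from the separately stored URL path and HTTP verb.
    static String toPermissionString(String path, String verb) {
        return encodePath(path) + ":" + verb.toUpperCase(Locale.ROOT);
    }

    // Simplified model of the tokenization: parts split on ':', subparts on ','.
    static List<Set<String>> parse(String s) {
        List<Set<String>> parts = new ArrayList<>();
        for (String part : s.split(":")) {
            parts.add(new HashSet<>(Arrays.asList(part.split(","))));
        }
        return parts;
    }

    // Model of implies: each granted part is "*" or contains every requested subpart.
    static boolean implies(String granted, String requested) {
        List<Set<String>> g = parse(granted), r = parse(requested);
        for (int i = 0; i < g.size(); i++) {
            if (g.get(i).contains("*")) continue;
            if (i >= r.size() || !g.get(i).containsAll(r.get(i))) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: a path containing a comma, first raw, then encoded.
        System.out.println(implies("/reports/a,b:GET", "/reports/a:GET"));
        String safe = toPermissionString("/reports/a,b", "get");
        System.out.println(safe);
        System.out.println(implies(safe, toPermissionString("/reports/a", "GET")));
        System.out.println(implies(safe, toPermissionString("/reports/a,b", "GET")));
    }
}
```

In this model the raw string is read as two subparts, so a grant written for "/reports/a,b" also matches "/reports/a", while the encoded form matches only the exact path. The same encoding has to be applied on both sides: where the realm stores the permission and where the filter builds the string it checks.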
