Sorry about that, anon access is over http, not https:

http://svn.sonatype.org/spice/trunk/plexus-security/security-system/src/main/java/org/sonatype/security/web/filter/authz/HttpVerbMappingAuthorizationFilter.java

On Wed, Jan 20, 2010 at 4:11 PM, Tauren Mills <[email protected]> wrote:

> Hi Brian,
>
> Thanks for your response. I'm getting back to this after dealing with other higher priority stuff first.
>
> Your approach sounds perfect. I'm using a permissions based model as well, so mapping GET to read, etc. will work well.
>
> I'm glad to hear you will share your code with Shiro and look forward to it being integrated. However, I'm unable to view it because the link that you posted in the other thread requires authentication. How can I gain access to it?
>
> https://svn.sonatype.org/spice/trunk/plexus-security/security-system/src/main/java/org/sonatype/security/web/filter/authz/HttpVerbMappingAuthorizationFilter.java
>
> Also, I have a few questions for you regarding your implementation. How does your system know which user is requesting a REST resource? Does a user login, receive a shiro cookie, and then hit a RESTful url, and that cookie is used to know which user it is? Or are you doing something else?
>
> Thanks,
> Tauren
>
> On Wed, Dec 2, 2009 at 10:52 AM, Brian Demers <[email protected]> wrote:
>
>> For Nexus what we did is we mapped the request method to a permission, so GET == read.
>> so the permission looks something like: something:read.
>>
>> There is a similar post in the archive:
>>
>> http://markmail.org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Authorization%20Rules+page:1+mid:phoffgneifvd4l7p+state:results
>>
>> On Wed, Dec 2, 2009 at 12:44 PM, lev <[email protected]> wrote:
>>
>>> Hi Tauren,
>>>
>>> I am also doing same thing, if you can be in my contact it will be great, we can help each other think it out.
>>>
>>> Regards,
>>>
>>> Tauren Mills-3 wrote:
>>> >
>>> > I have an application built with spring, hibernate, shiro, wicket, and jquery. I'm looking to add a RESTful framework to the mix, such as jersey or restlet.
>>> >
>>> > Although the main UI is built and managed using Wicket, there will be several jQuery components embedded in the UI that need to send and receive JSON data via RESTful web services. These same web services will also be used by iPhone and Android applications, as well as other potential clients.
>>> >
>>> > When a user logs into my application, they are authenticated by shiro and get a cookie. This cookie is used to identify them for all future requests so that the application knows what features and data they are authorized to see. Most users use the remember me feature and rarely have to log in again.
>>> >
>>> > My hope is that the RESTful service will automatically use that same authentication cookie so that the web services only serve appropriate data for that user. Also, the plan is for the mobile apps (iphone/android) to have a UI for username/password and that it will then authenticate via a web service call and get a cookie to use on subsequent requests as well.
>>> >
>>> > I'm hoping someone can confirm that this approach will work, or advise me on other approaches before I move forward.
>>> >
>>> > Thanks!
>>> > Tauren
>>> >
>>>
>>> --
>>> View this message in context: http://n2.nabble.com/Integration-with-RESTful-framework-tp4082288p4101151.html
>>> Sent from the Shiro User mailing list archive at Nabble.com.
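
The verb-to-permission mapping described in the thread (GET == read, giving `something:read`), sketched as an added example; it is not the Sonatype filter or Shiro code and uses only the JDK. Only GET == read comes from the thread: the class name, the other action names, and the `resource:*` wildcard check are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class VerbPermissionExample {

    // GET == read is from the thread; the remaining action names are assumptions.
    private static final Map<String, String> VERB_TO_ACTION = Map.of(
            "GET", "read",
            "HEAD", "read",
            "POST", "create",
            "PUT", "update",
            "DELETE", "delete");

    /** Builds "resource:action" for a request method, or empty for an unmapped method. */
    static Optional<String> requiredPermission(String resource, String httpMethod) {
        if (httpMethod == null) {
            return Optional.empty();
        }
        String action = VERB_TO_ACTION.get(httpMethod.toUpperCase(Locale.ROOT));
        return Optional.ofNullable(action).map(a -> resource + ":" + a);
    }

    /** Fails closed: a method with no mapping is denied instead of passing unchecked. */
    static boolean isAccessAllowed(Set<String> granted, String resource, String httpMethod) {
        return requiredPermission(resource, httpMethod)
                .map(p -> granted.contains(p) || granted.contains(resource + ":*"))
                .orElse(false);
    }

    public static void main(String[] args) {
        // Constructed sample: a user who holds only the read permission on "something".
        Set<String> readOnly = Set.of("something:read");
        for (String verb : new String[] {"GET", "HEAD", "POST", "DELETE", "TRACE"}) {
            System.out.printf("%-6s something -> %s%n", verb,
                    isAccessAllowed(readOnly, "something", verb) ? "allowed" : "denied");
        }
    }
}
```

In a real filter the `granted` set would be replaced by a check against the authenticated subject, however the application identifies it on each request.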
