But I've often thought that the whole security should be based on allowing nothing until you explicitly do so. If we had a set of @AllowRole, @AllowPermission,... it'd simple to deny access to any resources that didn't have the annotation without incurring a performance hit. Just a thought at this point...
Kalle On Tue, Feb 23, 2010 at 6:32 AM, Brian Demers <[email protected]> wrote: > I see how they would be handy some times, but.... we try to avoid them like > the plague ;) > > On Tue, Feb 23, 2010 at 9:27 AM, Les Hazlewood <[email protected]> > wrote: >> >> No, 'negative' permissions are not supported out of the box due to the >> complexity and performance hit it would probably incur. You're more >> than welcome to open a feature request in Jira however. >> >> Regards, >> >> Les >> >> On Mon, Feb 22, 2010 at 7:41 PM, jobiwan11 <[email protected]> >> wrote: >> > >> > If you have a permission like "printer:print:*" is there a way to say >> > you're >> > not allowed to print to "lpd7" without getting rid of the >> > "printer:print:*" >> > and listing out individual permissions per printer? >> > Thanks, >> > --jim >> > -- >> > View this message in context: >> > http://n2.nabble.com/permission-everything-but-this-item-tp4616037p4616037.html >> > Sent from the Shiro User mailing list archive at Nabble.com. >> > > >
