On Sun, Jul 10, 2011 at 12:51 AM, emaayan <[email protected]> wrote:
> i'm trying to figure out if by only checking permission > (checkPermission/hasPermission, and not using hasRole) shiro willl inspect > roles which contain said permissions so i won't to do it myself. > You could use a RolePermissionResolver to resolve permissions that are contained in a Role. For example if your realm connects to some directory that only maps users and groups/roles you can use a RolePermissionResolver at an application level to tie specific permissions to roles. > > also is there a way / pattern , to have servlet filter inspect incoming > request and have the request name be as resource to checked for permission > and if not throw an 401 error? > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/is-checking-premission-implicitly-check-roles-as-well-tp6567107p6567107.html > Sent from the Shiro User mailing list archive at Nabble.com. >
