On Sat, Jul 9, 2011 at 9:51 PM, emaayan <[email protected]> wrote: > i'm trying to figure out if by only checking permission > (checkPermission/hasPermission, and not using hasRole) shiro willl inspect > roles which contain said permissions so i won't to do it myself.
It depends on the realm implementation. For it to work as you desire, the doGetAuthorizationInfo method of the realm should return in AuthorizationInfo, not only the permissions directly associated with the principal but also the permissions associated with roles which are associated with the principal > > also is there a way / pattern , to have servlet filter inspect incoming > request and have the request name be as resource to checked for permission > and if not throw an 401 error? > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/is-checking-premission-implicitly-check-roles-as-well-tp6567107p6567107.html > Sent from the Shiro User mailing list archive at Nabble.com. > -- http://khangaonkar.blogspot.com/
