Hi Luke,
On Fri, Sep 2, 2011 at 8:58 AM, Luke Biddell <[email protected]> wrote:
> I know I can handle this in code by cross referencing the uri parameter with
> the user's account id principal.
> Is there a slick way using Shiro's ini filter chains etc?
Not at the moment since it would require Shiro to parse the URL for a
placeholder token (like the {foo} syntax) or the headers to look for
the actual value and construct a permission.
That is, you'd have to tell Shiro somehow what the URL template is. I
wonder if there is a way to easily do this with an existing filter.
Or perhaps something could be whipped up to look at JAX-RS @Path
annotations. But at the moment that doesn't exist. Contributions and
other ideas are welcome!
HTH,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
