Great stuff, thanks Philippe, I'll check it out.

On 13 September 2011 15:02, Philippe Laflamme <[email protected]> wrote:
> Hi Luke,
>
> We have a similar setup (JAX-RS and Shiro) and we needed to implement
> security based on the path being accessed.
>
> Our use case was more in regard to sub-resources. So for example, if a user
> has access to GET:/accounts/1/projects, then that needs to imply that he
> also has access to GET:/accounts/1 and GET:/accounts.
>
> We needed to have "hierarchical" permissions. This allows a user to have
> access to the list of accounts (/accounts) after we've given them the right
> to see a specific one (/accounts/1), or something more specific within that
> resource (/accounts/1/projects).
>
> Related thread:
>
> http://shiro-user.582556.n2.nabble.com/Question-regarding-WildcardPermission-tt5728829.html#a5728911
>
> Tamas was nice enough to make an implementation of this (and much more)
> here: https://github.com/cstamas/shiro-extras. I have a fork of this project
> with a few fixes. That fork is in production in our RESTful application.
>
> Hope it helps,
> Philippe
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/RESTful-uris-and-direct-object-reference-manipulation-OWASP-4-tp6754377p6787643.html
> Sent from the Shiro User mailing list archive at Nabble.com.
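
The hierarchical rule Philippe describes, written out as an added example. This is not code from the thread, from shiro-extras or from Philippe's fork; it is a hypothetical `RestPathPermission` that implements Shiro's `org.apache.shiro.authz.Permission` and `PermissionResolver` interfaces. The "METHOD:/path" string format, the class name and the ancestor-only rule are assumptions made for the example. The sibling and deeper-child checks in `main` are the point for the thread's subject (direct object reference manipulation): a grant on `/accounts/1/projects` must not let a caller reach `/accounts/2` by editing the id.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.PermissionResolver;

/**
 * Hypothetical hierarchical REST permission (added example, not shiro-extras).
 * Spec format assumed here: "METHOD:/path", e.g. "GET:/accounts/1/projects".
 *
 * Shiro answers subject.isPermitted(requested) by asking each permission the
 * subject holds whether granted.implies(requested). The rule implemented here,
 * taken from the thread: a grant on a sub-resource implies the same HTTP
 * method on every ancestor resource, so GET:/accounts/1/projects implies
 * GET:/accounts/1 and GET:/accounts. It does not imply siblings
 * (GET:/accounts/2) or deeper children (GET:/accounts/1/projects/7), so a
 * caller cannot reach another object just by editing an id in the URI.
 */
public final class RestPathPermission implements Permission {
    private final String method;
    private final List<String> segments;

    public RestPathPermission(String spec) {
        int colon = spec.indexOf(':');
        if (colon <= 0 || colon == spec.length() - 1) {
            throw new IllegalArgumentException("expected METHOD:/path, got: " + spec);
        }
        this.method = spec.substring(0, colon).trim().toUpperCase();
        String path = spec.substring(colon + 1).trim();
        if (!path.startsWith("/")) {
            throw new IllegalArgumentException("path must be absolute: " + spec);
        }
        // Normalise: drop empty segments from leading/trailing/doubled slashes,
        // so "/accounts/" and "/accounts" name the same resource.
        List<String> segs = new ArrayList<String>();
        for (String s : path.split("/")) {
            if (!s.isEmpty()) {
                segs.add(s);
            }
        }
        this.segments = Collections.unmodifiableList(segs);
    }

    /** this = the granted permission, p = the permission being checked. */
    @Override
    public boolean implies(Permission p) {
        if (!(p instanceof RestPathPermission)) {
            return false;
        }
        RestPathPermission requested = (RestPathPermission) p;
        if (!method.equals(requested.method)) {
            return false;
        }
        // The requested path must be the granted path itself or one of its
        // ancestors, i.e. its segments must be a prefix of the granted ones.
        // Ancestor-only: a longer (deeper) requested path is never implied.
        if (requested.segments.size() > segments.size()) {
            return false;
        }
        return segments.subList(0, requested.segments.size()).equals(requested.segments);
    }

    /** Lets a realm that stores permissions as strings produce this type. */
    public static final class Resolver implements PermissionResolver {
        @Override
        public Permission resolvePermission(String permissionString) {
            return new RestPathPermission(permissionString);
        }
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder(method).append(':');
        if (segments.isEmpty()) {
            sb.append('/');
        }
        for (String s : segments) {
            sb.append('/').append(s);
        }
        return sb.toString();
    }

    /** Stand-alone demonstration of the rule on constructed inputs. */
    public static void main(String[] args) {
        Permission granted = new RestPathPermission("GET:/accounts/1/projects");
        String[] checks = {
            "GET:/accounts/1/projects",   // exact match: true
            "GET:/accounts/1",            // ancestor: true
            "GET:/accounts",              // ancestor: true
            "GET:/accounts/2",            // sibling id: false
            "GET:/accounts/1/projects/7", // deeper child: false
            "DELETE:/accounts/1",         // other method: false
        };
        for (String c : checks) {
            System.out.println(granted + " implies " + c + " -> "
                    + granted.implies(new RestPathPermission(c)));
        }
    }
}
```

To use it from a realm that holds string permissions, install the resolver with `AuthorizingRealm.setPermissionResolver(new RestPathPermission.Resolver())`; a JAX-RS resource method can then call `SecurityUtils.getSubject().checkPermission(new RestPathPermission("GET:" + uriInfo.getPath()))` before touching the entity. Note that this class only handles the upward (ancestor) direction from the thread; a grant that is meant to cover all children of a collection, the `/accounts/*` case, needs a wildcard rule as well, which is the `WildcardPermission` territory of the linked thread, and combining the two is a design decision rather than something this example settles.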
