That's easy! Thank you! Jason Holmberg ECOCEAN Whale Shark Photo-identification Library http://www.whaleshark.org
Please consider adopting a shark to support our mission: http://www.whaleshark.org/adoptashark.jsp On Fri, May 24, 2013 at 6:11 AM, Poitras Christian < [email protected]> wrote: > Hi,**** > > ** ** > > There isn’t much of the Shiro API that you need to use beyond creating the > SecurityManager/Realm and using the subject to check roles - > SecurityUtils.getSubject().checkRole().**** > > ** ** > > So basically, the idea is:**** > > Show a list predetermined URL that the program uses. You don’t want users > to manually enter additional URLs unless you don’t have any other choices. > **** > > Then the users selects the role for each URL based on the roles present in > your system (probably a Java enum).**** > > Then store this in a table with 2 columns (URL – role).**** > > ** ** > > In your request filter, validate the role based on the database. Something > like this:**** > > String role = database.getRequiredRole(request.getServletPath());**** > > If (role != null)**** > > SecurityUtils.getSubject().checkRole(role);**** > > ** ** > > Christian**** > > ** ** > > *De :* Jason Holmberg [mailto:[email protected]] > *Envoyé :* May-23-13 4:10 PM > *À :* [email protected] > *Objet :* Re: Securing URLs in a J2EE web application**** > > ** ** > > Thanks. What is the Shiro API object that such a persisted URL filter > would map to?**** > > > **** > > Jason Holmberg > ECOCEAN Whale Shark Photo-identification Library > http://www.whaleshark.org > > Please consider adopting a shark to support our mission: > http://www.whaleshark.org/adoptashark.jsp**** > > ** ** > > On Thu, May 23, 2013 at 6:38 AM, Poitras Christian < > [email protected]> wrote:**** > > Hi,**** > > **** > > I think your best option is to store the URL security in the database and > have a request filter validate user’s role dynamically.**** > > **** > > Christian**** > > **** > > *De :* Jason Holmberg [mailto:[email protected]] > *Envoyé :* May-22-13 6:27 PM > *À :* [email protected] > *Objet :* Securing URLs in a J2EE web application**** > > **** > > Hi Everyone,**** > > **** > > So far I have beena susccessful SHiro newbie, adding basic user and role > mgmt. into my open source project for wildlife research:**** > > **** > > https://github.com/holmbergius/Shepherd-Project**** > > **** > > However, most of my users (biologists) will not be comfortable adjusting > and managing URL-based security in web.xml with the Shiro filter. **** > > **** > > What is the best way for me to develop URL-based mgmt. as a UI function > with Shiro? Is it simply a matter of moving to shiro.ini and dynamically > re-writing the URL entries based on choices made by the user in my GUI, or > should I create persistent mappings through the Shiro API?**** > > **** > > Any advice would help!**** > > **** > > **** > > Cheers, > **** > > Jason Holmberg > ECOCEAN Whale Shark Photo-identification Library > http://www.whaleshark.org > > Please consider adopting a shark to support our mission: > http://www.whaleshark.org/adoptashark.jsp**** > > ** ** >
