Hi, I'm trying to use the HttpMethodPermissionFilter on a Jersey service to control access based on the HTTP method used over the resource. So far, I've managed to get it to work after fighting with some strange issue (possible incompatibility between Jersey 1.17.1 and Shiro 1.2.2?) by upgrading to Jersey 2.0.
All seems to work except when I'm trying to filter DELETE. I just checked the documentation of the filter and it looks like DELETE is not contemplated in the default mapping (?). I was therefore wondering what the approach should be to include it. I tried with no luck to configure the mapping in the configuration file by using something like this: "[main] ... rest.httpMethodActions = head:read, get:read, put:update, post:create, mkcol:create, options:read, trace:read, delete:delete" If I understood correctly how initialisation is handled, the problem is that there is no "setHttpMethodActions" and therefore it does not work. I was wondering if any of the assumptions above are wrong, and ultimately what should be the approach to include DELETE among the methods supported. Should I just create my own Filter implementation? It feels like there should be a straightforward way though.. Any help would be much appreciated. Cheers, Carlos
