Hmm. I'm not sure how to add you guys to the issue so please go ahead and watch it: https://issues.apache.org/jira/browse/SHIRO-459
I'll now add the implementation and some comment on how to proceed...

Cheers
Daniel

On 18.09.2013, at 20:39, Stephen McCants wrote:

> Hi Daniel,
>
> I'd like to be copied on that Jira ticket as well.
> Thanks!
>
> --Stephen
>
> On 9/18/2013 1:33 PM, Les Hazlewood wrote:
>> Hi Daniel,
>>
>> Please attach it to a Jira issue so we can take a look at it - if it makes
>> sense to add for general purpose use, we will!
>>
>> Thanks!
>>
>> --
>> Les Hazlewood | @lhazlewood
>> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>>
>>
>> On Wed, Sep 18, 2013 at 12:24 AM, Daniel Bimschas
>> <[email protected]> wrote:
>> Digging into the Shiro source codes I found that this feature is in fact not
>> available in Shiro. I've now implemented my own custom filter (extending
>> RolesAuthorizationFilter) that allows you to do exactly what I wanted.
>> Configuration for the filter follows the following example:
>>
>> [main]
>> myFilter=my.package.HttpMethodRolesAuthorizationFilter
>> [urls]
>> /rest = authcBasic, myFilter[PUT=SERVICE_PROVIDER&EXPERIMENTER,POST=EXPERIMENTER,DELETE=ADMINISTRATOR]
>>
>> So, in this example
>>
>> - a user must be authenticated to execute any operation
>> - a user with both roles SERVICE_PROVIDER and EXPERIMENTER can send a PUT
>> request,
>> - a user with role EXPERIMENTER can send POST requests, and
>> - a user with role ADMINISTRATOR can DELETE things
>>
>> I would be more than happy to contribute this little bit of code to the
>> project in case you're interested!
>>
>> Best regards
>> Daniel Bimschas
>>
>> On 16.09.2013, at 11:37, Daniel Bimschas wrote:
>>
>> > Dear Shiro gods!
>> >
>> > I'm struggling to figure out how I can do role-based authorization
>> > depending on what HTTP method a request is using. I've posted this
>> > question on StackOverflow as it seems nobody has been asking it before (at
>> > least I couldn't find it with my search terms). I would be incredibly
>> > happy if you could take a look!
>> >
>> > http://stackoverflow.com/questions/18824670/how-to-do-role-based-authorization-with-apache-shiro-depending-on-http-request-m
>> >
>> > Cheers
>> > Daniel Bimschas
>> >
>
> --
> Stephen McCants
> Senior Software Engineer
> Healthcare Control Systems
> 1-877-877-8795 x116
>

--
Daniel Bimschas, M.Sc.

UNIVERSITÄT ZU LÜBECK
INSTITUT FÜR TELEMATIK
Ratzeburger Allee 160
23538 Lübeck

Tel +49 451 500 5392
Fax +49 451 500 5382
[email protected]
https://www.itm.uni-luebeck.de/people/bimschas
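
A sketch of a filter that would accept the `myFilter[PUT=...,POST=...,DELETE=...]` configuration quoted above. This is an added example, not the implementation Daniel attached to SHIRO-459 and not Shiro's own code; it assumes Shiro 1.x with the `javax.servlet` API, and the `parseRules` helper and the handling of unlisted methods are assumptions made here.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

// Added illustration; not the code attached to SHIRO-459.
public class HttpMethodRolesAuthorizationFilter extends RolesAuthorizationFilter {

    // Hypothetical helper: {"PUT=A&B", "POST=C"} -> {PUT=[A, B], POST=[C]}.
    // Malformed or duplicate entries are rejected instead of being silently ignored.
    static Map<String, Set<String>> parseRules(String[] entries) {
        Map<String, Set<String>> rules = new HashMap<>();
        for (String entry : entries) {
            String[] kv = entry.trim().split("=", 2);
            if (kv.length != 2 || kv[0].trim().isEmpty()) {
                throw new IllegalArgumentException("Expected METHOD=ROLE[&ROLE...]: " + entry);
            }
            Set<String> roles = new HashSet<>();
            for (String role : kv[1].split("&")) {
                if (role.trim().isEmpty()) {
                    throw new IllegalArgumentException("Empty role name in: " + entry);
                }
                roles.add(role.trim());
            }
            if (rules.put(kv[0].trim().toUpperCase(Locale.ROOT), roles) != null) {
                throw new IllegalArgumentException("Duplicate HTTP method in: " + entry);
            }
        }
        return rules;
    }

    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                   Object mappedValue) throws IOException {
        // Shiro passes the comma-separated text inside [...] as a String[].
        String[] entries = (String[]) mappedValue;
        Map<String, Set<String>> rules = parseRules(entries == null ? new String[0] : entries);
        String method = WebUtils.toHttp(request).getMethod().toUpperCase(Locale.ROOT);
        Set<String> required = rules.get(method);
        if (required == null) {
            // Assumption taken from the bullets in the mail: a method without an entry needs
            // only the authentication enforced earlier in the chain (authcBasic).
            // Return false here instead to fail closed.
            return true;
        }
        Subject subject = getSubject(request, response);
        return subject.hasAllRoles(required); // '&' means every listed role is required
    }
}
```

With the quoted configuration, methods that have no entry (GET, but also HEAD, OPTIONS and PATCH) are authorized for any authenticated user, so every state-changing method the REST endpoint actually handles needs its own entry or the fail-closed variant.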
