Looking at the implementation of Shiros filter I guess it could be sufficient (and not breaking compatibility) if we would modify PathMatchingFilter.pathsMatch(...) and/or AntPathMatcher to reflect the behavior. Maybe one of the Shiro core guys has an idea if this could be working without breaking anything!?
Cheers Daniel On 26.09.2013, at 01:35, davison wrote: > I have a similar use case to yours but I need anonymous access to certain > methods too which I think is not possible (I'll post separately to outline > my case). But for your needs, where you must be authenticated for *any* > request, I think this can be handled with config only - at least using Shiro > 1.2.2 > > Define a filter chain using the "rest" filter (an inbuilt instance of > HttpMethodPermissionFilter)... > > /data/stocks/** = authc, rest[stocks] > > ..and in your realm define permissions like; > > role.admin=stocks:* > role.user=stocks:read > > > hth, > Darren. > > > Daniel Bimschas wrote >> Dear Shiroers, >> >> I've commented my ticket as I noticed that also my implementation doesn't >> really support all use cases. In fact it would be ideal to configure the >> filter like in the example of SHIRO-107 >> (https://issues.apache.org/jira/browse/SHIRO-107): >> >> /data/stocks/**:post = authc, roles[admin] >> /data/stocks/** = authc >> >> However, although the issue is marked as resolved it doesn't seem to be >> possible to specify the filter as in the given example. Doing so will fail >> with the following message: >> >> There is no filter with name 'post = authc' to apply to chain >> [/data/stocks/**] in the pool of available Filters. Ensure a filter with >> that name/path has first been registered with the addFilter method(s). >> >> Is there another way to specify the filter chain that resembles the same >> behavior? > > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Role-based-authorization-depending-on-HTTP-request-method-tp7579143p7579175.html > Sent from the Shiro User mailing list archive at Nabble.com. -- Daniel Bimschas, M.Sc. UNIVERSITÄT ZU LÜBECK INSTITUT FÜR TELEMATIK Ratzeburger Allee 160 23538 Lübeck Tel +49 451 500 5392 Fax +49 451 500 5382 [email protected] https://www.itm.uni-luebeck.de/people/bimschas
