I'm having a bit of a time trying to piece all the Shiro pieces together. I am currently trying to migrate my application away from Spring Security and use Shiro. With the old Spring Security, I configured each URL with the HTTP method and the allowed roles, something like:

    <intercept-url pattern="/api/entity*/**" access="ROLE_ADMIN,ROLE_MANAGER,ROLE_EDITOR" method="POST"/>

I want to do something similar with Shiro. I found this post: https://issues.apache.org/jira/browse/SHIRO-107 which indicates I should be able to configure a URL in the ini file like the following:

    /api/entity/**:post = authcBasic, roles[ROLE_ADMIN,ROLE_MANAGER,ROLE_EDITOR]

I have implemented an AuthorizingRealm. The part of the equation that I do not understand is where/how am I supposed to perform the Authorization checks. I would like the configuration of the URL/role/REST method authorization to be declarative.

Can anyone with experience with implementing a REST/role-based implementation in Shiro point me in the right direction?

Thanks in advance.

Marty
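
An added example, not part of the original post and not Shiro's own code: a custom filter for the declarative URL/method/role rule described above. Shiro's stock `roles[...]` filter requires all of the listed roles, while the Spring Security rule with its default voters admits any one of them, so this filter checks any-of. It assumes Shiro 1.x (javax.servlet); the class and package names, the filter name `anyRoleOn` and its `[METHOD, role, ...]` layout are hypothetical.

```java
// Added example (not from the original post). Hypothetical wiring in shiro.ini:
//   [main]
//   anyRoleOn = com.example.MethodAnyRoleFilter
//   [urls]
//   /api/entity/** = authcBasic, anyRoleOn[POST, ROLE_ADMIN, ROLE_MANAGER, ROLE_EDITOR]
package com.example;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

public class MethodAnyRoleFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                      Object mappedValue) {
        // mappedValue carries the comma-separated text inside [...] for the matched path.
        String[] config = (String[]) mappedValue;
        if (config == null || config.length < 2) {
            return false; // fail closed when the rule is missing or has no roles
        }

        // Assumed layout: first entry is the guarded HTTP method, the rest are roles.
        String guardedMethod = config[0].trim();
        String actualMethod = WebUtils.toHttp(request).getMethod();
        if (!guardedMethod.equalsIgnoreCase(actualMethod)) {
            // This rule restricts one method only. Other methods on the same path
            // are not role-checked here and need their own rule if they are sensitive.
            return true;
        }

        Subject subject = getSubject(request, response);
        for (int i = 1; i < config.length; i++) {
            // hasRole() is answered from the AuthorizationInfo that the
            // AuthorizingRealm returns from doGetAuthorizationInfo().
            if (subject.hasRole(config[i].trim())) {
                return true; // any one matching role is enough
            }
        }
        return false; // AuthorizationFilter.onAccessDenied() then rejects the request
    }
}
```

The role check itself never appears in application code: the filter calls `Subject.hasRole()`, and Shiro resolves it through the realm, which is where the user's roles have to be loaded.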
