Classic | List | Threaded |
|
This post has NOT been accepted by the mailing list yet.
I want to use instance level permissions in my application. The app is an application to provide REST API's using Jersey.
What I want is to set a permission for a user that says something like document:edit:12345 I can infer the document:edit part of the check by how it's associated with the REST API method so @POST @Path("/document/xxx/edit") public void editDocument(@PathParam(xxx) int docId){ } That's a typical example of the REST URL we might have. I want to see if there is a way to use the Shiro annotations to pick out that the xxx in the path param is the instance value that should be compared to their permissions. Essentially doing something like this @POST @Path("/document/{docId}/edit") @Requires("document:edit:{docId}") public void editDocument(@PathParam("docId") int docId){ } That way the annotations can share the param replacement that the Jersey annotations use (which I believe are JSR-spec) and make it more dynamic to check. Is this something that is available, or something that is in the works? Remove Ads
|
|
This post has NOT been accepted by the mailing list yet.
Hi,
I have just the same problem as you written above. Have you figured out how to solve this issue? Remove Ads
|
Powered by Nabble | Edit this page |