Shiro User

Instance permissions and REST

spacer Classic spacer List spacer Threaded
spacer
2 messages spacer
jesmith17
Reply | Threaded
Open this post in threaded view
|   spacer
Report Content as Inappropriate
spacer
spacer

Instance permissions and REST

spacer spacer
This post has NOT been accepted by the mailing list yet.
I want to use instance level permissions in my application. The app is an application to provide REST API's using Jersey.

What I want is to set a permission for a user that says something like

document:edit:12345

I can infer the document:edit part of the check by how it's associated with the REST API method

so

@POST
@Path("/document/xxx/edit")
public void editDocument(@PathParam(xxx) int docId){

}


That's a typical example of the REST URL we might have. I want to see if there is a way to use the Shiro annotations to pick out that the xxx in the path param is the instance value that should be compared to their permissions.

Essentially doing something like this

@POST
@Path("/document/{docId}/edit")
@Requires("document:edit:{docId}")
public void editDocument(@PathParam("docId") int docId){



}

That way the annotations can share the param replacement that the Jersey annotations use (which I believe are JSR-spec) and make it more dynamic to check.

Is this something that is available, or something that is in the works?


Remove Ads
matasko
Reply | Threaded
Open this post in threaded view
|   spacer
Report Content as Inappropriate
spacer
spacer

Re: Instance permissions and REST

spacer spacer
This post has NOT been accepted by the mailing list yet.
Hi,
I have just the same problem as you written above. Have you figured out how to solve this issue?

Remove Ads
Loading...
Powered by Nabble Edit this page
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.