Re: hundreds of url and perms relationship management

[jleleu <le...@gmail.com>]

Hi,

A realm authenticates a user and retrieves authorizations for a user,
without taking into account the current url.

There is a filter to check permissions accesses : the
PermissionsAuthorizationFilter.
According to your security configuration, the filter is applied to the
incoming url.

For your problem, I would create a specific filter, apply it to a more
generic url :
/moduleA/** = superPermissionsFilter

This superPermissionsFilter would inherit from the AuthorizationFilter class
and would override the isAccessAllowed method. 
This method would be closed to the isAccessAllowed method in the
PermissionsAuthorizationFilter class, just replacing the line :
        String[] perms = (String[]) mappedValue;
by :
        String[] perms =
readPermissionsFromDatabaseAccordingToTheUrl(request);
and creating this readPermissionsFromDatabaseAccordingToTheUrl method to
load from database (or weherever you want, use cache if necessary) the right
permissions according to the url.

Best regards,
Jérôme


--
View this message in context: http://shiro-user.582556.n2.nabble.com/hundreds-of-url-and-perms-relationship-management-tp7526644p7527823.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: hundreds of url and perms relationship management

[yulei <30...@qq.com>]

,Thank you!

--
View this message in context: http://shiro-user.582556.n2.nabble.com/hundreds-of-url-and-perms-relationship-management-tp7526644p7528899.html
Sent from the Shiro User mailing list archive at Nabble.com.