You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by saadmufti <sa...@gmail.com> on 2013/08/15 23:49:31 UTC
New Filter Proposal
Hi,
I have written a new shiro filter HttpMethodAndPathPermissionFilter that
extends HttpMethodPermissionFilter. What this allows for is dynamic
construction of permissions based on the path components or the URL path in
a REST API request, in addition to the HTTP method as the current "rest"
filter does. For example, if you have the following:
[main]
.
.
.
rest_path = com.aol.advertising.cl.shiro.HttpMethodAndPathPermissionFilter
[urls]
/v1/** = ssl, noSessionCreation, authcBasic, rest_path[$2:$3]
then a call to GET /v1/collection/ibm
requires the permission collection:ibm:read
and a call to PUT /v1/selection/xerox/
requires the permission selection:xerox:update
This is most useful when a part of the path refers to some variable like
client id or something that is not predicatble enough to configure explicity
in advance.
I have kept it as a separate filter rather than just enhancing the existing
HttpMethodPermissionFilter because the cost of expanding the $1 and $2 etc
should only be paid where required.
It seems to be working perfectly fine for us, would there be any interest in
acceptiing this for inclusion in the shiro core?
Thanks.
------------
Saad Mufti
--
View this message in context: http://shiro-developer.582600.n2.nabble.com/New-Filter-Proposal-tp7578113.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
Re: New Filter Proposal
Posted by Craig L Russell <cr...@oracle.com>.
Hi Saad,
You could describe your code on this mailing list telling what it does and where it fits.
If you get some good feedback you could create a JIRA and attach your code to it.
Regards,
Craig
On Aug 17, 2013, at 10:17 AM, saadmufti wrote:
> Thanks, do you know I would go about submitting my code for consideration? It
> is just one class. I am using Shiro 1.2.2 .
>
> ----
> Saad
>
>
>
>
> --
> View this message in context: http://shiro-developer.582600.n2.nabble.com/New-Filter-Proposal-tp7578113p7578115.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.
Craig L Russell
Architect, Oracle
http://db.apache.org/jdo
408 276-5638 mailto:Craig.Russell@oracle.com
P.S. A good JDO? O, Gasp!
Re: New Filter Proposal
Posted by saadmufti <sa...@gmail.com>.
Thanks, do you know I would go about submitting my code for consideration? It
is just one class. I am using Shiro 1.2.2 .
----
Saad
--
View this message in context: http://shiro-developer.582600.n2.nabble.com/New-Filter-Proposal-tp7578113p7578115.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
Re: New Filter Proposal
Posted by Brian Demers <br...@gmail.com>.
Cool!
I wish I done something like this a couple years ago
On Thu, Aug 15, 2013 at 5:49 PM, saadmufti <sa...@gmail.com> wrote:
> Hi,
>
> I have written a new shiro filter HttpMethodAndPathPermissionFilter that
> extends HttpMethodPermissionFilter. What this allows for is dynamic
> construction of permissions based on the path components or the URL path in
> a REST API request, in addition to the HTTP method as the current "rest"
> filter does. For example, if you have the following:
>
> [main]
> .
> .
> .
> rest_path = com.aol.advertising.cl.shiro.HttpMethodAndPathPermissionFilter
>
> [urls]
> /v1/** = ssl, noSessionCreation, authcBasic, rest_path[$2:$3]
>
> then a call to GET /v1/collection/ibm
>
> requires the permission collection:ibm:read
>
> and a call to PUT /v1/selection/xerox/
>
> requires the permission selection:xerox:update
>
> This is most useful when a part of the path refers to some variable like
> client id or something that is not predicatble enough to configure
> explicity
> in advance.
>
> I have kept it as a separate filter rather than just enhancing the existing
> HttpMethodPermissionFilter because the cost of expanding the $1 and $2 etc
> should only be paid where required.
>
> It seems to be working perfectly fine for us, would there be any interest
> in
> acceptiing this for inclusion in the shiro core?
>
> Thanks.
>
> ------------
> Saad Mufti
>
>
>
>
> --
> View this message in context:
> http://shiro-developer.582600.n2.nabble.com/New-Filter-Proposal-tp7578113.html
> Sent from the Shiro Developer mailing list archive at Nabble.com.
>