You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@isis.apache.org by David Tildesley <da...@yahoo.co.nz> on 2013/05/20 22:06:16 UTC

attribute level security externalised


Hi all,

We are looking at the options for controlling which "fields" that a user in a particular role can edit in a way that can be externalized like in the way Shiro externalizes role based  authorization configuration for operations. Any thoughts/ ideas or pointing out of the error of our ways most appreciated.

Regards,
David.

Re: attribute level security externalised

Posted by Dan Haywood <da...@haywood-associates.co.uk>.

Hi David,
You should be able to do this using our integration with Shiro itself, see
our docs [1] and this example app [2].  Shiro itself can take care of
loading the data from somewhere other than an .ini file.

This code isn't yet released (should be out in the next week or two), so
you'll need to build Isis from source to make use of.

HTH
Dan

[1] http://isis.apache.org/components/security/shiro/configuring-shiro.html
[2]
https://github.com/apache/isis/blob/master/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini

On 20 May 2013 21:06, David Tildesley <da...@yahoo.co.nz> wrote:

>
>
> Hi all,
>
> We are looking at the options for controlling which "fields" that a user
> in a particular role can edit in a way that can be externalized like in the
> way Shiro externalizes role based  authorization configuration for
> operations. Any thoughts/ ideas or pointing out of the error of our ways
> most appreciated.
>
> Regards,
> David.