You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by mstich <ms...@rfcode.com> on 2014/09/03 20:51:08 UTC

REST, Roles, and Shiro Configuration

I'm having a bit of time trying to piece all the Shiro pieces together.  I am
currently trying to migrate my application away from spring security and use
Shiro.  With the old spring security, I configured it each url with the http
method and the allowed roles, something like:

<intercept-url pattern="/api/entity*/**"
access="ROLE_ADMIN,ROLE_MANAGER,ROLE_EDITOR" method="POST"/>

I want to do something similar with Shiro.  I found this post:
https://issues.apache.org/jira/browse/SHIRO-107

which indicates I should be able to configure a url in the ini file like the
following:

/api/entity/**:post = authcBasic, roles[ROLE_ADMIN,ROLE_MANAGER,ROLE_EDITOR]

I have implemented an AuthorizingRealm.  The part of the equation that I do
not understand is where/how am I supposed to perform the Authorization
checks.  I would like the configuration of the url/role/rest method
authorization to be declarative.  Can anyone with experience with
implementing a rest/role based implementation in Shiro point me in the right
direction?

Thanks in advance.

Marty




--
View this message in context: http://shiro-user.582556.n2.nabble.com/REST-Roles-and-Shiro-Configuration-tp7580185.html
Sent from the Shiro User mailing list archive at Nabble.com.