For Nexus what we did is we mapped the request method to a permission, so GET == read. so the permission looks something like: something:read.
There is a similar post in the archive: http://markmail.org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Authorization%20Rules+page:1+mid:phoffgneifvd4l7p+state:results On Wed, Dec 2, 2009 at 12:44 PM, lev <[email protected]> wrote: > > Hi Tauren, > > I am also doing same thing, if you can be in my contact it will be great, > we > can help each other htink it out. > > Regards, > > > Tauren Mills-3 wrote: > > > > I have an application built with spring, hibernate, shiro, wicket, and > > jquery. I'm looking to add a RESTful framework to the mix, such as jersey > > or > > restlet. > > > > Although the main UI is built and managed using Wicket, there will be > > several jQuery components embedded in the UI that need to send and > receive > > JSON data via RESTful web services. These same web services will also be > > used by iPhone and Android applications, as well as other potential > > clients. > > > > When a user logs into my application, they are authenticated by shiro and > > get a cookie. This cookie is used to identify them for all future > > requests > > so that the application knows what features and data they are authorized > > to > > see. Most users use the remember me feature and rarely have to log in > > again. > > > > My hope is that the RESTful service will automatically use that same > > authentication cookie so that the web services only serve appropriate > data > > for that user. Also, the plan is for the mobile apps (iphone/android) to > > have a UI for username/password and that it will then authenticate via a > > web > > service call and get a cookie to use on subsequent requests as well. > > > > I'm hoping someone can confirm that this approach will work, or advise me > > on > > other approaches before I move forward. > > > > Thanks! > > Tauren > > > > > > -- > View this message in context: > http://n2.nabble.com/Integration-with-RESTful-framework-tp4082288p4101151.html > Sent from the Shiro User mailing list archive at Nabble.com. >
