Hi Brian, Didn't you post the request-to-permission generation logic somewhere once? I was wondering if you guys had anything that you wanted to contribute to the project that we could incorporate for the first release. Please let us know!
Cheers, Les On Wed, Dec 2, 2009 at 1:52 PM, Brian Demers <[email protected]> wrote: > For Nexus what we did is we mapped the request method to a permission, so > GET == read. > so the permission looks something like: something:read. > > There is a similar post in the archive: > http://markmail.org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Authorization%20Rules+page:1+mid:phoffgneifvd4l7p+state:results > > > On Wed, Dec 2, 2009 at 12:44 PM, lev <[email protected]> wrote: >> >> Hi Tauren, >> >> I am also doing same thing, if you can be in my contact it will be great, >> we >> can help each other htink it out. >> >> Regards, >> >> >> Tauren Mills-3 wrote: >> > >> > I have an application built with spring, hibernate, shiro, wicket, and >> > jquery. I'm looking to add a RESTful framework to the mix, such as >> > jersey >> > or >> > restlet. >> > >> > Although the main UI is built and managed using Wicket, there will be >> > several jQuery components embedded in the UI that need to send and >> > receive >> > JSON data via RESTful web services. These same web services will also >> > be >> > used by iPhone and Android applications, as well as other potential >> > clients. >> > >> > When a user logs into my application, they are authenticated by shiro >> > and >> > get a cookie. This cookie is used to identify them for all future >> > requests >> > so that the application knows what features and data they are authorized >> > to >> > see. Most users use the remember me feature and rarely have to log in >> > again. >> > >> > My hope is that the RESTful service will automatically use that same >> > authentication cookie so that the web services only serve appropriate >> > data >> > for that user. Also, the plan is for the mobile apps (iphone/android) >> > to >> > have a UI for username/password and that it will then authenticate via a >> > web >> > service call and get a cookie to use on subsequent requests as well. >> > >> > I'm hoping someone can confirm that this approach will work, or advise >> > me >> > on >> > other approaches before I move forward. >> > >> > Thanks! >> > Tauren >> > >> > >> >> -- >> View this message in context: >> http://n2.nabble.com/Integration-with-RESTful-framework-tp4082288p4101151.html >> Sent from the Shiro User mailing list archive at Nabble.com. > >
