Hi Brian,

Thanks for your response. I'm getting back to this after dealing with other higher priority stuff first.

Your approach sounds perfect. I'm using a permissions based model as well, so mapping GET to read, etc. will work well. I'm glad to hear you will share your code with Shiro and look forward to it being integrated. However, I'm unable to view it because the link that you posted in the other thread requires authentication. How can I gain access to it?

https://svn.sonatype.org/spice/trunk/plexus-security/security-system/src/main/java/org/sonatype/security/web/filter/authz/HttpVerbMappingAuthorizationFilter.java

Also, I have a few questions for you regarding your implementation. How does your system know which user is requesting a REST resource? Does a user login, receive a shiro cookie, and then hit a RESTful url, and that cookie is used to know which user it is? Or are you doing something else?

Thanks,
Tauren

On Wed, Dec 2, 2009 at 10:52 AM, Brian Demers <[email protected]> wrote:

> For Nexus what we did is we mapped the request method to a permission, so GET == read.
> so the permission looks something like: something:read.
>
> There is a similar post in the archive:
>
> http://markmail.org/message/spd4esrpyzskfjfs#query:Declaratively%20Defining%20Authorization%20Rules+page:1+mid:phoffgneifvd4l7p+state:results
>
> On Wed, Dec 2, 2009 at 12:44 PM, lev <[email protected]> wrote:
>
>> Hi Tauren,
>>
>> I am also doing same thing, if you can be in my contact it will be great, we can help each other think it out.
>>
>> Regards,
>>
>> Tauren Mills-3 wrote:
>> >
>> > I have an application built with spring, hibernate, shiro, wicket, and jquery. I'm looking to add a RESTful framework to the mix, such as jersey or restlet.
>> >
>> > Although the main UI is built and managed using Wicket, there will be several jQuery components embedded in the UI that need to send and receive JSON data via RESTful web services. These same web services will also be used by iPhone and Android applications, as well as other potential clients.
>> >
>> > When a user logs into my application, they are authenticated by shiro and get a cookie. This cookie is used to identify them for all future requests so that the application knows what features and data they are authorized to see. Most users use the remember me feature and rarely have to log in again.
>> >
>> > My hope is that the RESTful service will automatically use that same authentication cookie so that the web services only serve appropriate data for that user. Also, the plan is for the mobile apps (iphone/android) to have a UI for username/password and that it will then authenticate via a web service call and get a cookie to use on subsequent requests as well.
>> >
>> > I'm hoping someone can confirm that this approach will work, or advise me on other approaches before I move forward.
>> >
>> > Thanks!
>> > Tauren
>> >
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/Integration-with-RESTful-framework-tp4082288p4101151.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
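
The verb-to-permission mapping described in the quoted reply (GET == read, giving `something:read`), as an added example that is not code from this thread, Nexus or Shiro. Only GET == read comes from the thread; the other verb-to-action pairs, the class and method names, and the simplified colon-separated matching (a stand-in for a real permission check) are assumptions. Unmapped verbs are denied by default.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class VerbPermissionDemo {
    // Hypothetical verb-to-action table; only GET == read is from the thread.
    static final Map<String, String> ACTIONS = Map.of(
        "GET", "read", "HEAD", "read",
        "POST", "create", "PUT", "update", "DELETE", "delete");

    // Build "resource:action"; empty for an unmapped verb, which the caller must deny.
    static Optional<String> required(String resource, String httpMethod) {
        String action = ACTIONS.get(httpMethod.toUpperCase(Locale.ROOT));
        return action == null ? Optional.empty() : Optional.of(resource + ":" + action);
    }

    // Simplified matching (assumption): every granted part must equal the
    // required part or be "*"; a shorter grant covers the remaining parts.
    static boolean implies(String granted, String required) {
        String[] g = granted.split(":");
        String[] r = required.split(":");
        if (g.length > r.length) return false;
        for (int i = 0; i < g.length; i++) {
            if (!g[i].equals("*") && !g[i].equals(r[i])) return false;
        }
        return true;
    }

    // Authorization decision for one request, given the caller's grants.
    static boolean isAllowed(Set<String> grants, String resource, String method) {
        return required(resource, method)
            .map(p -> grants.stream().anyMatch(g -> implies(g, p)))
            .orElse(false); // default deny for TRACE, PATCH, malformed verbs
    }

    public static void main(String[] args) {
        // Constructed sample grants for two hypothetical users.
        Set<String> reader = Set.of("something:read");
        Set<String> admin = Set.of("something:*");
        String[] verbs = {"GET", "head", "PUT", "DELETE", "TRACE"};
        for (String verb : verbs) {
            System.out.printf("%-6s reader=%b admin=%b%n", verb,
                isAllowed(reader, "something", verb),
                isAllowed(admin, "something", verb));
        }
    }
}
```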
