> * Some sort of built-in Permission matching mechanism that understands HTTP > methods? > --Erik
Also, Erik, have you seen Shiro's existing org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter. This defaults to the 'rest' filter in Shiro's default filters. I think this might be the built-in permission matching mechanism you mentioned above. Cheers, Les
