Auth cache (SHIRO-73) would be great, I had to bake this into a couple realms previously: https://github.com/sonatype/security/blob/master/security-realms/security-url-realm/src/main/java/org/sonatype/security/realms/url/URLRealm.java
Also as you mentioned the stateless session (https://issues.apache.org/jira/browse/SHIRO-266) would be nice too. Does anyone else feel it would be useful to detect if the client was a browser and honor cookies and treat other clients (curl, wget, etc) as session-less?

On Tue, Apr 5, 2011 at 12:37 PM, Les Hazlewood <[email protected]> wrote:
>> * Some sort of built-in Permission matching mechanism that understands HTTP
>> methods?
>> --Erik
>
> Also, Erik, have you seen Shiro's existing
> org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter. This
> defaults to the 'rest' filter in Shiro's default filters. I think
> this might be the built-in permission matching mechanism you mentioned
> above.
>
> Cheers,
>
> Les
>
