Hi Brian, I think you'll be happy to know I'm working on SHIRO-73 right now (have been for the last 2 days). I need it at work for our REST support asap.
Thanks for the URLRealm pointer - I'll check that out and see if/how it might coincide with what I've done. My implementation is pretty much finished - I added this stuff to AuthenticatingRealm, so anything that subclasses will be able to do this - and I'd love some peer review when I commit it. I'll ping the list again when it's ready for review. Cheers, -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com On Fri, Apr 8, 2011 at 1:19 PM, Brian Demers <[email protected]> wrote: > Auth cache (SHIRO-73) would be great, I had to bake this into a couple > realms previously: > https://github.com/sonatype/security/blob/master/security-realms/security-url-realm/src/main/java/org/sonatype/security/realms/url/URLRealm.java > > Also as you mentioned the stateless session > (https://issues.apache.org/jira/browse/SHIRO-266) would be nice too. > Does anyone else feel it would be useful to detect if the client was a > browser and honor cookies and treat other clients (curl, wget, etc) as > session-less ? > > > > > On Tue, Apr 5, 2011 at 12:37 PM, Les Hazlewood <[email protected]> wrote: >>> * Some sort of built-in Permission matching mechanism that understands HTTP >>> methods? >>> --Erik >> >> Also, Erik, have you seen Shiro's existing >> org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter. This >> defaults to the 'rest' filter in Shiro's default filters. I think >> this might be the built-in permission matching mechanism you mentioned >> above. >> >> Cheers, >> >> Les
