Hi,

There isn't much of the Shiro API that you need to use beyond creating the SecurityManager/Realm and using the subject to check roles - SecurityUtils.getSubject().checkRole().

So basically, the idea is: Show a list of predetermined URLs that the program uses. You don't want users to manually enter additional URLs unless you don't have any other choices. Then the user selects the role for each URL based on the roles present in your system (probably a Java enum). Then store this in a table with 2 columns (URL - role). In your request filter, validate the role based on the database. Something like this:

    String role = database.getRequiredRole(request.getServletPath());
    if (role != null)
        SecurityUtils.getSubject().checkRole(role);

Christian

From: Jason Holmberg [mailto:[email protected]]
Sent: May-23-13 4:10 PM
To: [email protected]
Subject: Re: Securing URLs in a J2EE web application

Thanks. What is the Shiro API object that such a persisted URL filter would map to?

Jason Holmberg
ECOCEAN Whale Shark Photo-identification Library
http://www.whaleshark.org
Please consider adopting a shark to support our mission: http://www.whaleshark.org/adoptashark.jsp

On Thu, May 23, 2013 at 6:38 AM, Poitras Christian <[email protected]> wrote:

Hi,

I think your best option is to store the URL security in the database and have a request filter validate user's role dynamically.

Christian

From: Jason Holmberg [mailto:[email protected]]
Sent: May-22-13 6:27 PM
To: [email protected]
Subject: Securing URLs in a J2EE web application

Hi Everyone,

So far I have been a successful Shiro newbie, adding basic user and role mgmt. into my open source project for wildlife research: https://github.com/holmbergius/Shepherd-Project

However, most of my users (biologists) will not be comfortable adjusting and managing URL-based security in web.xml with the Shiro filter. What is the best way for me to develop URL-based mgmt. as a UI function with Shiro?
Is it simply a matter of moving to shiro.ini and dynamically re-writing the URL entries based on choices made by the user in my GUI, or should I create persistent mappings through the Shiro API?

Any advice would help!

Cheers,
Jason Holmberg
ECOCEAN Whale Shark Photo-identification Library
http://www.whaleshark.org
Please consider adopting a shark to support our mission: http://www.whaleshark.org/adoptashark.jsp
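The request-filter approach described in the first reply of this thread, written out as a servlet filter. This is an added example, not code from the thread or from the Shepherd Project: `UrlRoleFilter`, `UrlRoleStore` and the sample rows are hypothetical, the in-memory map stands in for the (URL, role) table, and `hasRole()` is used in place of `checkRole()` so a failed check becomes a 403 response rather than an uncaught `AuthorizationException`.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

/** Hypothetical filter; map it after the ShiroFilter in web.xml so a Subject is bound. */
public class UrlRoleFilter implements Filter {
    /** Hypothetical lookup over the two-column (URL, role) table. */
    public interface UrlRoleStore {
        String getRequiredRole(String servletPath); // null when no row exists
    }
    // Constructed sample rows standing in for the database table.
    private final Map<String, String> rows = new ConcurrentHashMap<>();
    private UrlRoleStore store;

    @Override
    public void init(FilterConfig config) {
        rows.put("/admin/users.jsp", "admin");
        rows.put("/encounters/edit.jsp", "researcher");
        store = rows::get;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Same lookup key as in the thread; paths without a row are not restricted here.
        String role = store.getRequiredRole(request.getServletPath());
        if (role != null) {
            Subject subject = SecurityUtils.getSubject();
            if (!subject.isAuthenticated() && !subject.isRemembered()) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            // hasRole() returns a boolean; checkRole() would throw AuthorizationException.
            if (!subject.hasRole(role)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
    }

    @Override public void destroy() { }
}
```

As in the snippet from the thread, a path with no row passes through unchecked, so a URL missing from the table is open to every user. A deployment that wants deny-by-default would reject unmapped paths instead of calling `chain.doFilter`.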
