Apache Shiro, INI-Configuration, Perms per URL: How to get URL params?
Posted
by
Marcus Schultö
on Stack Overflow
See other posts from Stack Overflow
or by Marcus Schultö
Published on 2012-10-30T21:30:15Z
Indexed on
2012/10/31
11:00 UTC
Read the original article
Hit count: 249
I want to use Apache Shiro[1] in my JSF-Application to perform URL-based authorization checks, configuration done in shiro.ini As I see in the Shiro-documentation[2] there is a way to use a "perms"-filter
/remoting/rpc/** = authc, perms["remote:invoke"]
In my scenario I want this functionality, but on entity-level[3], where the entity-Id is in the http-request
# "Open settings for user with id=123":
# /user/settings.xhtml?user_id=123
/user/settings.xhtml = perms["user:update:XXX"]
So, how do I do this with Shiro? How to I tell the perms-filter to check for http-params? Or is this supposed to be done in my Realm-Implemenation, concrete by calling FacesContext?
[2] https://shiro.apache.org/web.html#Web-webini
[3] This can be done at least programmatically:
SecurityUtils.getSubject().isPermitted("printer:query:lp7200")
© Stack Overflow or respective owner