Apache Shiro, INI-Configuration, Perms per URL: How to get URL params?

Posted by Marcus Schultö on Stack Overflow See other posts from Stack Overflow or by Marcus Schultö
Published on 2012-10-30T21:30:15Z Indexed on 2012/10/31 11:00 UTC
Read the original article Hit count: 245

Filed under:

jsf

|

authorization

|

shiro

I want to use Apache Shiro[1] in my JSF-Application to perform URL-based authorization checks, configuration done in shiro.ini As I see in the Shiro-documentation[2] there is a way to use a "perms"-filter

/remoting/rpc/** = authc, perms["remote:invoke"]

In my scenario I want this functionality, but on entity-level[3], where the entity-Id is in the http-request

# "Open settings for user with id=123":
# /user/settings.xhtml?user_id=123
/user/settings.xhtml = perms["user:update:XXX"]

So, how do I do this with Shiro? How to I tell the perms-filter to check for http-params? Or is this supposed to be done in my Realm-Implemenation, concrete by calling FacesContext?

[1] https://shiro.apache.org

[2] https://shiro.apache.org/web.html#Web-webini

[3] This can be done at least programmatically:

SecurityUtils.getSubject().isPermitted("printer:query:lp7200")

https://shiro.apache.org/permissions.html

© Stack Overflow or respective owner

Related posts about jsf

Session Report: What’s New in JSF: A Complete Tour of JSF 2.2

as seen on Oracle Blogs - Search for 'Oracle Blogs'
On Wednesday, Ed Burns, Consulting Staff Member at Oracle, presented a session, CON3870 -- “What’s New in JSF: A Complete Tour of JSF 2.2,” in which he provided an update on recent developments in JavaServer Faces 2.2. He began by emphasizing that, “JavaServer Faces 2.2 continues the evolution of… >>> More
JSF - Unhide jsf component when clicking another component.

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to have a button that brings up an upload dialog. The way i'm trying to achieve this is similar to this: <h:outputText value="Click Me" id="testit"> <a4j:support reRender="hideme" event="onclick" action="#{actions.switchTestRendered}"/> </h:outputText> <h:outputText… >>> More
???????????! Java EE 6???????????????/???????!!????UFJ????????????????????????Java EE 6??????JavaOne Tokyo 2012?????|WebLogic Channel|??????

as seen on Oracle Blogs - Search for 'Oracle Blogs'
??UFJ?????????????????????????IT??????? ?????????UFJ?????????/????????2007?7????????????JavaEE5?????????Java EE??????????????????????2012?4???????JavaOne Tokyo 2012??????????Java EE 6?????????????????????????Java EE 6???????????????????????????????????????????Java EE 6???????"??????????????"?????… >>> More
JSF 2.0 AJAX: jsf.ajax.request to call method not only rerender an area of page

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm looking for a soultion of the following problem: _The is a list of links with different types of cars. _The user can click on each car in the list and a ajax request should be sent. _The response of the ajax request should be dependent on the id (of each car) and displayed in an panelGroup… >>> More
JBoss RichFaces vs IceFaces vs Apache Trinidad - JSF component libraries comparison

as seen on Stack Overflow - Search for 'Stack Overflow'
What do you think/use for interface layer? The "backing" layer will be Spring 3. The criteria are : Your privete opinion Components Documentation AJAX Integration Browser support Community Tool support (Eclipse, NetBeans) I found some comparison topics but it was about 2007 and old versions. >>> More

Related posts about authorization

Apache2 - mod_rewrite : RequestHeader and environment variables

as seen on Server Fault - Search for 'Server Fault'
I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request. The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header… >>> More
Apache2 - mod_rewrite : RequestHeader and environment variables

as seen on Server Fault - Search for 'Server Fault'
I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request. The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header… >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
Implementing OAuth Authorization on Social Networks

as seen on Internet.com - Search for 'Internet.com'
Walk through all the necessary steps for implementing the OAuth token-based authorization system—a perfect security solution for the social networking age—on both the consumer and provider sides. >>> More