java ee - How to configure the filter chain programmatically? -


is there way programmatic restriction of user access particular [url] based on said users role.

example in shiro.ini file define :

      [urls]       ...   1.  /app/**= user

which can achieved in code defining filter chain so:

 .....   userfilter user = new userfilter();//create user filter  user.setloginurl("login.xhtml");   filterchainmanager fcman = new defaultfilterchainmanager(); fcman.addfilter("user", user);//add filter filter chain fcman.createchain("/app/**", "user");//define url path expression filtername  .....

my question here how achieve roles have done in shiro.ini file :

[urls] ... /api/admin/**= user, roles[admin] ...

for example: 

rolesauthorizationfilter adminrole = new rolesauthorizationfilter();//eg create role filter       adminrole.setloginurl("login.xhtml"); userfilter user = new userfilter();//create user filter user.setloginurl("login.xhtml");   filterchainmanager fcman = new defaultfilterchainmanager();  fcman.addfilter("user", user); fcman.addfilter("admin", adminrole);       fcman.createchain("/api/admin/**", "admin");

i author of book "pairing apache shiro , java ee 7" can grab free here.

enter image description here

in book, wrote shiro components programmatically, without need shiro.ini file.

i used cdi events produce filterchainresolver:

@produces public filterchainresolver getfilterchainresolver() {     filterchainresolver filterchainresolver = null;     if (filterchainresolver == null) {         formauthenticationfilter authc = new formauthenticationfilter();         anonymousfilter anon = new anonymousfilter();         userfilter user = new userfilter();          authc.setloginurl(webpages.login_url);         user.setloginurl(webpages.login_url);          filterchainmanager fcman = new defaultfilterchainmanager();         fcman.addfilter("authc", authc);         fcman.addfilter("anon", anon);         fcman.addfilter("user", user);          fcman.createchain("/index.html", "anon");         fcman.createchain("/css/**", "anon");         fcman.createchain("/api/**", "anon");         fcman.createchain(webpages.login_url, "authc");         fcman.createchain("/**", "user");          pathmatchingfilterchainresolver resolver = new pathmatchingfilterchainresolver();         resolver.setfilterchainmanager(fcman);         filterchainresolver = resolver;     }     return filterchainresolver; }

next, inject filterchainresolver in :

@weblistener public class shirolistener extends environmentloaderlistener {      @inject     websecuritymanager securitymanager;      @inject     filterchainresolver filterchainresolver;      @override     protected webenvironment createenvironment(servletcontext sc) {         defaultwebenvironment webenvironment = (defaultwebenvironment) super.createenvironment(sc);          webenvironment.setsecuritymanager(securitymanager);         webenvironment.setfilterchainresolver(filterchainresolver);          return webenvironment;     }     ... }

now, filterchainresolver applied, , go wanted.


Comments

Post a Comment

Popular posts from this blog

python Tkinter Capturing keyboard events save as one single string -

is possible store keyboard events 1 string? code below stores 1 char , prints it. card reader or bar code reader, contains collection of character/ string not 1 character @ time. goal save char pressed text variable. from tkinter import * root = tk() def key(event): text= event.char text+= event.char print ("pressed", text) def callback(event): frame.focus_set() print ("clicked at", event.x, event.y) frame = frame(root, width=100, height=100) frame.bind("<key>", key) frame.bind("<button-1>", callback) frame.pack() root.mainloop() currently, creating text variable , everytime key() function gets called, , text stores last character typed. you can define text module level variable , , use module level text inside key function - text = '' def key(event): global text text+= event.char print("pressed", text)
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m
Read more

javascript - Z-index in d3.js -

i have map , when hover effect on region of map below yellow line , circle, last ones disappear. how can solve problem? http://jsfiddle.net/ot21n9qx/ var arc = g.append("path") .style("fill", "none") .style("stroke", "yellow") .style("stroke-width", 2) .attr("d", "m" + pathorigin[0] + "," + pathorigin[1] + " q" + svgpoint[0] + "," + pathorigin[1] + " " + svgpoint[0] + "," + svgpoint[1]); var circlesize = d3.scale.linear() .domain([0, 0.5, 1]) .range([4, 10, 4]); svg not have z order draws objects in order created. need create path , circle after create highlight regions. here forked fiddle: http://jsfiddle.net/o00fzgaf/1/
Read more