Examples of org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter

• org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
  A filter that translates an HTTP Request's Method (eg GET, POST, etc) into an corresponding action (verb) and uses that verb to construct a permission that will be checked to determine access.

  This Filter is primarily provided to support REST environments where the type (Method) of request translates to an action being performed on one or more resources. This paradigm works well with Shiro's concepts of using permissions for access control and can be leveraged to easily perform permission checks.

  This filter functions as follows:

  1. The incoming HTTP request's Method (GET, POST, PUT, DELETE, etc) is discovered.
  2. The Method is translated into a more 'application friendly' verb, such as 'create', edit', 'delete', etc.
  3. The verb is appended to any configured permissions for the {@link org.apache.shiro.web.filter.PathMatchingFilter currently matching path}.
  4. If the current {@code Subject} {@link org.apache.shiro.subject.Subject#isPermitted(String) isPermitted} toperform the resolved action, the request is allowed to continue.

  For example, if the following filter chain was defined, where 'rest' was the name given to a filter instance of this class:

   /user/** = rest[user]

  Then an HTTP {@code GET} request to {@code /user/1234} would translate to the constructed permission{@code user:read} (GET is mapped to the 'read' action) and execute the permission checkSubject.isPermitted("user:read") in order to allow the request to continue.

  Similarly, an HTTP {@code POST} to {@code /user} would translate to the constructed permission{@code user:create} (POST is mapped to the 'create' action) and execute the permission checkSubject.isPermitted("user:create") in order to allow the request to continue.

  Method To Verb Mapping

  The following table represents the default HTTP Method-to-action verb mapping:

  HTTP Method	Mapped Action	Example Permission	Runtime Check
  head	read	perm1	perm1:read
  get	read	perm2	perm2:read
  put	update	perm3	perm3:update
  post	create	perm4	perm4:create
  mkcol	create	perm5	perm5:create
  options	read	perm6	perm6:read
  trace	read	perm7	perm7:read

  @author Brian Demers @author Tamas Cservenak @author Les Hazlewood @since 1.0

        SimpleAccessControlFilter foobar = new SimpleAccessControlFilter();
        foobar.setApplicationName("Foobar Application");

        bindNamedFilter("foobar", foobar);
        bindNamedFilter("perms", new HttpMethodPermissionFilter());
      }
    };
  }