A filter that translates an HTTP request's method (e.g. GET, POST, etc.) into a corresponding action (verb) and uses that verb to construct a permission that will be checked to determine access.
This Filter is primarily provided to support REST environments where the type (Method) of request translates to an action being performed on one or more resources. This paradigm works well with Shiro's concepts of using permissions for access control and can be leveraged to easily perform permission checks.
This filter functions as follows:
- The incoming HTTP request's Method (GET, POST, PUT, DELETE, etc) is discovered.
- The Method is translated into a more 'application friendly' verb, such as 'create', 'edit', 'delete', etc.
- The verb is appended to any configured permissions for the {@link org.apache.shiro.web.filter.PathMatchingFilter currently matching path}.
- If the current {@code Subject} {@link org.apache.shiro.subject.Subject#isPermitted(String) isPermitted} to perform the resolved action, the request is allowed to continue.
For example, if the following filter chain was defined, where 'rest' was the name given to a filter instance of this class:
/user/** = rest[user]
Then an HTTP {@code GET} request to {@code /user/1234} would translate to the constructed permission {@code user:read} (GET is mapped to the 'read' action) and execute the permission check
Subject.isPermitted("user:read")
in order to allow the request to continue.
Similarly, an HTTP {@code POST} to {@code /user} would translate to the constructed permission {@code user:create} (POST is mapped to the 'create' action) and execute the permission check
Subject.isPermitted("user:create")
in order to allow the request to continue.
Method To Verb Mapping
The following table represents the default HTTP Method-to-action verb mapping:
HTTP Method | Mapped Action | Example Permission | Runtime Check
----------- | ------------- | ------------------ | -------------
head        | read          | perm1              | perm1:read
get         | read          | perm2              | perm2:read
put         | update        | perm3              | perm3:update
post        | create        | perm4              | perm4:create
mkcol       | create        | perm5              | perm5:create
options     | read          | perm6              | perm6:read
trace       | read          | perm7              | perm7:read
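The following is an added, stand-alone example that walks through the four steps above and the {@code rest[user]} chain definition; it is not Shiro's own filter code and does not depend on the servlet or Shiro APIs. The class name {@code RestPermissionResolver}, the {@code PermissionChecker} interface (a stand-in for {@code Subject.isPermitted}) and the method names are assumptions of this example. The mapping table is the one above plus a DELETE-to-'delete' row, assumed here because the description lists 'delete' among the verbs but the table omits it. Two behaviours are design choices of this example rather than something the text states: a request is denied when the chain has no configured permissions, and an HTTP method outside the mapping is denied rather than passed through.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/**
 * Added example (not Shiro's own code): resolves an HTTP method to the action verb from the
 * table above, builds the "<permission>:<verb>" string, and performs the permission check.
 */
public final class RestPermissionResolver {

    /** Stand-in for Subject.isPermitted so the example runs without a servlet container. */
    public interface PermissionChecker {
        boolean isPermitted(String permission);
    }

    // Default HTTP method -> action verb mapping from the table above. The DELETE row is not in
    // that table; it is assumed here because the description lists 'delete' among the verbs.
    private static final Map<String, String> METHOD_TO_ACTION;
    static {
        Map<String, String> m = new LinkedHashMap<>();
        m.put("head", "read");
        m.put("get", "read");
        m.put("put", "update");
        m.put("post", "create");
        m.put("mkcol", "create");
        m.put("options", "read");
        m.put("trace", "read");
        m.put("delete", "delete");
        METHOD_TO_ACTION = Collections.unmodifiableMap(m);
    }

    private RestPermissionResolver() {}

    /** Steps 1 and 2: look up the verb for an HTTP method (case-insensitive); empty if unmapped. */
    public static Optional<String> actionFor(String httpMethod) {
        if (httpMethod == null) {
            return Optional.empty();
        }
        String key = httpMethod.trim().toLowerCase(Locale.ROOT);
        return Optional.ofNullable(METHOD_TO_ACTION.get(key));
    }

    /** Step 3: append the verb to a configured permission, e.g. ("user", "GET") -> "user:read". */
    public static Optional<String> buildPermission(String configuredPermission, String httpMethod) {
        return actionFor(httpMethod).map(verb -> configuredPermission + ":" + verb);
    }

    /**
     * Step 4: allow the request only if the subject holds every constructed permission.
     * Fail-closed choices of this example: no configured permissions, or an HTTP method
     * outside the mapping, deny the request rather than fall through.
     */
    public static boolean isAccessAllowed(PermissionChecker subject, String[] configuredPerms, String httpMethod) {
        if (configuredPerms == null || configuredPerms.length == 0) {
            return false;
        }
        for (String configured : configuredPerms) {
            Optional<String> perm = buildPermission(configured, httpMethod);
            if (!perm.isPresent() || !subject.isPermitted(perm.get())) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: a subject granted user:read and user:create but not user:update.
        Set<String> granted = new HashSet<>(Arrays.asList("user:read", "user:create"));
        PermissionChecker subject = granted::contains;

        // Equivalent of the chain definition "/user/** = rest[user]" from the text above.
        String[] chainConfig = {"user"};

        for (String method : new String[] {"GET", "POST", "PUT", "PATCH"}) {
            String permission = buildPermission("user", method).orElse("<unmapped>");
            boolean allowed = isAccessAllowed(subject, chainConfig, method);
            System.out.println(method + " /user -> " + permission + " allowed=" + allowed);
        }
    }
}
```

Running {@code main} prints one line per method: GET and POST resolve to {@code user:read} and {@code user:create} and are allowed; PUT resolves to {@code user:update}, which the sample subject lacks, so it is denied; PATCH has no row in the mapping and is denied by the fail-closed rule. When adding a custom method to the real filter's mapping, the same check applies: an unmapped or mis-mapped method changes which permission string is evaluated, so the mapping table is itself part of the access-control policy and deserves a test of its own.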
@author Brian Demers
@author Tamas Cservenak
@author Les Hazlewood
@since 1.0