Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

how to implement Shiro Security of Grails in my Project

i m new to Grails and using some Shiro security. I have made a little site with login page and if login successful it redirects me to another loggedin page.

now i want to implement Shiro Security. I have run that plugin and quick start app of Shiro on new Grails Project.

what i want to achieve is that how can i implement my security on my own pages using the Quick Start Files and code. Please guide. a little. which files should i use from that quick start and what changing should i made. ?

waiting for some positive response :)

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

let's first start with a fresh app:

grails create-app ShiroDemo

now install shiroby adding it to the plugins section of BuildConfig.groovy:

plugins { compile ":shiro:1.1.4" }

we need the auth controller and the wildcard-realm:

grails create-auth-controller
grails create-wildcard-realm

now let's create a dummy user with the needed role and permissions in bootstrap.groovy:

import org.apache.shiro.crypto.hash.Sha256Hash
class BootStrap {
    def init = { servletContext ->
        def roleUser = new ShiroRole(name:'USER')
        roleUser.addToPermissions('auth:*')
        roleUser.addToPermissions('controller:action')
        roleUser.save(flush:true, failOnError: true)
        def testUser = new ShiroUser(username:'kermit',passwordHash:new Sha256Hash("password").toHex())
        testUser.addToRoles(roleUser)
        testUser.save(flush:true, failOnError: true)
    }
    def destroy = {
    }
}

Take a look at the role.User.addToPermissions lines. Here you grant permissions to your controllers and actions. If the role is missing a permission, a user will be redirected to the access denied page. You'll find a good description of how to specify permissions on the shiro plugin page: http://www.grails.org/plugin/shiro You'll have to add more permissions for the rest of your application functionality. You can add those permission also directly to the user - sometimes useful for testing or if you don't want to setup a new role for something special.

btw: make sure to use the sha256hash and not the sha1hash which will not work with the current shiro version.

last thing we have to do is create the /conf/SecurityFilters.groovy class:

class SecurityFilters {
    def filters = {
        all(uri: "/**") {
            before = {
                // Ignore direct views (e.g. the default main index page).
                if (!controllerName) return true

                // Access control by convention. 
                accessControl() 
            } 
        } 
    } 
}

This will install access control for all controllers but not direct views (our index page).

Now give it a try and run your project:

grails run-app

hope that helps!


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...