let's first start with a fresh app:
grails create-app ShiroDemo
now install shiro by adding it to the plugins section of BuildConfig.groovy:
plugins {
    compile ":shiro:1.1.4"
}
we need the auth controller and the wildcard-realm:
grails create-auth-controller
grails create-wildcard-realm
now let's create a dummy user with the needed role and permissions in BootStrap.groovy:
import org.apache.shiro.crypto.hash.Sha256Hash

class BootStrap {
    def init = { servletContext ->
        // Role holding the wildcard permission strings ("controller:action").
        def roleUser = new ShiroRole(name: 'USER')
        roleUser.addToPermissions('auth:*')
        roleUser.addToPermissions('controller:action')
        roleUser.save(flush: true, failOnError: true)

        // Demo account only: unsalted SHA-256 hash of a fixed password.
        def testUser = new ShiroUser(username: 'kermit', passwordHash: new Sha256Hash("password").toHex())
        testUser.addToRoles(roleUser)
        testUser.save(flush: true, failOnError: true)
    }

    def destroy = {
    }
}
Take a look at the roleUser.addToPermissions lines. Here you grant permissions to your controllers and actions. If the role is missing a permission, a user will be redirected to the access denied page. You'll find a good description of how to specify permissions on the shiro plugin page: http://www.grails.org/plugin/shiro
You'll have to add more permissions for the rest of your application functionality.
You can also add those permissions directly to the user, which is sometimes useful for testing or if you don't want to set up a new role for something special.
btw: make sure to use Sha256Hash and not Sha1Hash, which will not work with the current shiro version.
last thing we have to do is create the /conf/SecurityFilters.groovy class:
class SecurityFilters {
    def filters = {
        all(uri: "/**") {
            before = {
                // Ignore direct views (e.g. the default main index page).
                if (!controllerName) return true

                // Access control by convention.
                accessControl()
            }
        }
    }
}
This will install access control for all controllers but not direct views (our index page).
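To check which requests a set of permission strings would allow before wiring them into a role, here is an added example (not part of the original post) that uses Shiro's WildcardPermission class directly. It assumes shiro-core is on the classpath, as it is inside the app created above, and that accessControl() by convention checks the string "controllerName:actionName"; the 'book', 'report' and 'shiroUser' names are made up for illustration.

```groovy
import org.apache.shiro.authz.permission.WildcardPermission

// Permission strings granted to a role. The first two come from BootStrap.groovy
// above; 'book:show,list' and 'report' are constructed samples.
def granted = ['auth:*', 'controller:action', 'book:show,list', 'report'].collect { new WildcardPermission(it) }

// True when at least one granted permission implies "<controller>:<action>".
// Assumption: this is the string accessControl() checks by convention.
def permitted = { String controller, String action ->
    def requested = new WildcardPermission(controller + ':' + action)
    granted.any { it.implies(requested) }
}

// 'auth:*' covers every action of the auth controller.
assert permitted('auth', 'login')
assert permitted('auth', 'signOut')

// 'controller:action' is an exact pair: other actions are denied.
assert permitted('controller', 'action')
assert !permitted('controller', 'delete')

// A comma lists several actions in one part.
assert permitted('book', 'list')
assert !permitted('book', 'delete')

// A permission with fewer parts implies everything below it:
// 'report' behaves like 'report:*', which is easy to grant by accident.
assert permitted('report', 'purge')

// Matching is case-insensitive by default.
assert permitted('Book', 'SHOW')

// Nothing was granted for this controller, so the request is denied.
assert !permitted('shiroUser', 'edit')

println 'all permission checks behaved as expected'
```

Swapping in your own role's permission strings and the controller/action pairs you expect to be blocked gives a quick audit for grants that are broader than intended.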
Now give it a try and run your project:
grails run-app
hope that helps!