如何在grails shiro安全中限制操作 [英] how to restrict action in grails shiro security

问题描述

。请引导我，我在我的控制器中有两种方法，一种是登录，另一种是注销。和1个角色'用户'在我的数据库中定义，我有一个用户与该角色。现在我想要做的是该人可以登录，但无法访问注销按钮。如何添加允许该用户不注销的权限/限制。

.please guide me that i have 2 methods in my Controller one is login and second is logout. and 1 role 'user' defined in my DB and i have a user with that role. now what i want to do is that person can login but could not access the logout button. how can i add permission/restrictions that would allow that user not to Logout.

推荐答案

看看您的其他问题（http ：//stackoverflow.com/questions/5815401/how-to-implement-shiro-security-of-grails-in-my-project）并使用 roleUser.addToPermissions（'auth：login，signIn' ）作为权限。这增加了您的问题中描述的权限：只允许登录，注销不在列表中，因此不被允许。我们必须说明不仅登录，它将显示登录屏幕，而且 signIn 这是实际操作登录。

Take a look at your other question (http://stackoverflow.com/questions/5815401/how-to-implement-shiro-security-of-grails-in-my-project) and use roleUser.addToPermissions('auth:login,signIn') as permission. This adds the permissions as described in your question: only login is allowed, logout is not in the list and thus not allowed. We have to state not only login which will show the login screen, but also signIn which is the action of the actual sign in.

这篇关于如何在grails shiro安全中限制操作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！