How to implement Shiro Security of Grails in my Project


Problem description


I'm new to Grails and using some Shiro security. I have made a little site with a login page, and if login is successful it redirects me to another logged-in page.

Now I want to implement Shiro Security. I have run that plugin and the quick start app of Shiro on a new Grails project.

What I want to achieve is how I can implement my security on my own pages using the Quick Start files and code. Please guide a little. Which files should I use from that quick start, and what changes should I make?

Waiting for some positive response :)

Solution

Let's first start with a fresh app:

grails create-app ShiroDemo

Now install shiro by adding it to the plugins section of BuildConfig.groovy:

plugins { compile ":shiro:1.1.4" }

We need the auth controller and the wildcard-realm:

grails create-auth-controller
grails create-wildcard-realm

Now let's create a dummy user with the needed role and permissions in bootstrap.groovy:

import org.apache.shiro.crypto.hash.Sha256Hash

class BootStrap {
    def init = { servletContext ->
        // Role carrying the wildcard permission strings.
        def roleUser = new ShiroRole(name:'USER')
        roleUser.addToPermissions('auth:*')
        // Permission strings follow the controller:action pattern.
        roleUser.addToPermissions('controller:action')
        roleUser.save(flush:true, failOnError: true)

        // Dummy user; the stored hash is an unsalted SHA-256 hex digest of "password".
        def testUser = new ShiroUser(username:'kermit',passwordHash:new Sha256Hash("password").toHex())
        testUser.addToRoles(roleUser)
        testUser.save(flush:true, failOnError: true)
    }
    def destroy = {
    }
}

Take a look at the roleUser.addToPermissions lines. Here you grant permissions to your controllers and actions. If the role is missing a permission, a user will be redirected to the access denied page. You'll find a good description of how to specify permissions on the shiro plugin page: http://www.grails.org/plugin/shiro

You'll have to add more permissions for the rest of your application functionality. You can also add those permissions directly to the user, which is sometimes useful for testing or if you don't want to set up a new role for something special.

btw: make sure to use the sha256hash and not the sha1hash which will not work with the current shiro version.

The last thing we have to do is create the /conf/SecurityFilters.groovy class:

class SecurityFilters {
    def filters = {
        all(uri: "/**") {
            before = {
                // Ignore direct views (e.g. the default main index page).
                if (!controllerName) return true

                // Access control by convention. 
                accessControl() 
            } 
        } 
    } 
}

This will install access control for all controllers but not direct views (our index page).

Now give it a try and run your project:

grails run-app

hope that helps!
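
How the permission strings granted in BootStrap decide what `accessControl()` lets through, shown with Shiro's own `WildcardPermission` class. This is an added example, not part of the original answer; the `book` and `report` permissions are constructed, and the `controller:action` request format is assumed from the answer's description.

```groovy
// Added example (not from the original answer). Run it in `grails console`
// inside the app, or any Groovy shell with shiro-core on the classpath.
import org.apache.shiro.authz.permission.WildcardPermission

// Permission strings a role might hold. 'auth:*' is from the answer above;
// 'book:list,show' and 'report' are constructed for illustration.
def granted = ['auth:*', 'book:list,show', 'report'].collect {
    new WildcardPermission(it)
}

// Assumption: the convention check asks for "<controller>:<action>",
// with 'index' standing in when no action name is given.
def allowed = { String controller, String action ->
    def requested = new WildcardPermission(controller + ':' + (action ?: 'index'))
    granted.any { it.implies(requested) }
}

// Exact and wildcard matches.
assert allowed('auth', 'login')        // 'auth:*' covers every auth action
assert allowed('book', 'show')         // listed in 'book:list,show'
assert !allowed('book', 'delete')      // not listed, so access is denied
assert !allowed('book', null)          // 'book:index' was never granted

// A permission with fewer parts implies everything beneath it: 'report'
// behaves like 'report:*'. Grant the short form only when that is intended.
assert allowed('report', 'export')
assert allowed('report', 'delete')

// Matching is case-insensitive by default.
assert allowed('Book', 'LIST')

println 'all permission checks behaved as described'
```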
