Shiro plugin

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Shiro plugin

Greg Pagendam-Turner
Hi All,

I'm trying to get Shiro working with my application.

I'm using Grails 2.0.4 and Shiro plugin 1.1.4

What I want is for:
-  any views under /user to be secured so they can only be accessed by
remembered users
- any views under /secure to be secured to authenticated users
- any views under /admin to be secured to authenticated admins

Shiro only seems to secure controllers and not plain gsp views.

I've done some googling and found the suggestion that you should add to
UrlMappings:

         "/$folder/${view}.gsp"(controller:'auth', action:'login')

but this does not send any authentication through the auth controller

If I use explicitly:

         "/user/home.gsp"(controller:'auth', action:'login')

The page is secured but keeps prompting for signin even after already
signing in.

Regards,

Greg


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


SN
Reply | Threaded
Open this post in threaded view
|

Re: Shiro plugin

SN

You should be able to map your views to a controller/action where you will check the authorization and then forward the request to original view

Some thing like this in your url mappings

/$folder/$name.gsp(controller:'ViewAuthorization', action:'authorize')

Then in your controller action - check for the folder name and enforce the authorization, if authorized render the original view 
 
   
Sudhir 
 
   
Sudhir 
 


From: Greg Pagendam-Turner <[hidden email]>
To: [hidden email]
Sent: Saturday, 2 June 2012 5:56 AM
Subject: [grails-user] Shiro plugin

Hi All,

I'm trying to get Shiro working with my application.

I'm using Grails 2.0.4 and Shiro plugin 1.1.4

What I want is for:
-  any views under /user to be secured so they can only be accessed by remembered users
- any views under /secure to be secured to authenticated users
- any views under /admin to be secured to authenticated admins

Shiro only seems to secure controllers and not plain gsp views.

I've done some googling and found the suggestion that you should add to UrlMappings:

        "/$folder/${view}.gsp"(controller:'auth', action:'login')

but this does not send any authentication through the auth controller

If I use explicitly:

        "/user/home.gsp"(controller:'auth', action:'login')

The page is secured but keeps prompting for signin even after already signing in.

Regards,

Greg


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

  http://xircles.codehaus.org/manage_email