|
I would like to know how to unprotect certain pages after securing the application using the Shiro plugin.
|
|
That's a rather vague question, so I'm not entirely sure what you're after. Whether or not a page is 'protected' is determined by the filters you have in ShiroSecurityFilters.groovy. The initial configuration of this after you run the quick start shows an example of a page being marked as unprotected, namely the main index page (for which there is no controller). Returning true from this filter ensures the page is unprotected.
    // Ignore direct views (e.g. the default main index page).
    if (!controllerName) return true
|
Thank you for your mail below; what you have stated is correct. I would like to unprotect my Controller: signup View: index page so that new users are able to register themselves. What changes do I have to make in ShiroSecurityFilters.groovy to make it happen?
|
|
You can do something like this:
    class SecurityFilters {

        def publicControllers = ["signup"]

        def filters = {
            // Ensure that all controllers and actions require an authenticated user,
            // except for "public" controllers.
            auth(controller: "*", action: "*") {
                before = {
                    // Ignore direct views (e.g. the default main index page).
                    if (!controllerName) return true

                    // Exclude the "public" controller.
                    if (publicControllers.contains(controllerName)) return true

                    // This just means that the user must be authenticated. He does
                    // not need any particular role or permission.
                    accessControl()
                }
            }
        }
    }

Regards
/Goran Ehrsson

On 12 Jun 2012 at 14:11, suryazi wrote:
> Thank you for your mail below; what you have stated is correct. I would like to unprotect my Controller: signup View: index page so that new users are able to register themselves. What changes do I have to make in ShiroSecurityFilters.groovy to make it happen?
|
I tried the code below, but it is not working. Whenever I try to sign up, I am redirected to the Shiro login page. Another problem I found with the code below is that it is intended to unprotect the whole controller, whereas I would like a finer approach, unprotecting a specific action inside a controller. Is there a way to do it?
|
|
This post has NOT been accepted by the mailing list yet.
Just add another filter:
    signUp(controller: "signup", action: "index") {
        before = {
            return true
        }
    }

This assumes a simple index action in your signup controller:

    def index = {}

You would do well to study Grails filters.
|
In reply to this post by suryazi
This should do the trick:
https://gist.github.com/b2aec487305884609673/59d31c5ddf4c4a98507f7f10eac39890056119b8
|
In reply to this post by sdthomas
Thank you for your advice to study Grails filters. Before posting my question to the forum I did try what you have suggested, and it did not work.
|
|
In reply to this post by felipecao
+1 That's working
|
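Added example, not code from any poster in this thread or from the linked gist: an action-level allow-list checked inside the catch-all auth filter, since a `before` that returns true only hands the request on to the remaining matching filters and does not skip them. The "save" action and the fallback to "index" when actionName is null (URL names only the controller) are assumptions.

```groovy
// grails-app/conf/ShiroSecurityFilters.groovy (Grails 1.x/2.x filter style).
// Added example; controllerName, actionName and accessControl() are the
// names used in the thread, everything else is illustrative.
class ShiroSecurityFilters {

    // Allow-list: controller -> actions reachable without authentication.
    // "signup"/"index" come from the thread; "save" is a hypothetical
    // form-submit action.
    static final Map PUBLIC_ACTIONS = [
        signup: ["index", "save"] as Set
    ]

    // Decide whether a request may skip authentication.
    static boolean isPublic(String controllerName, String actionName) {
        // Direct views (no controller), as in the quick-start filter.
        if (!controllerName) return true

        Set actions = PUBLIC_ACTIONS[controllerName]
        if (actions == null) return false   // controller not listed: protected

        // Assumption: a request for /signup arrives with actionName == null
        // and is served by the default "index" action, so treat null as "index".
        return actions.contains(actionName ?: "index")
    }

    def filters = {
        // Single catch-all filter: the exception is evaluated here, before
        // accessControl(), instead of in a second filter that runs alongside it.
        auth(controller: "*", action: "*") {
            before = {
                if (ShiroSecurityFilters.isPublic(controllerName, actionName)) return true

                // Everything else requires an authenticated user.
                accessControl()
            }
        }
    }
}

// Constructed checks; they run when this file is executed as a plain Groovy
// script and should be removed inside a Grails application.
assert ShiroSecurityFilters.isPublic("signup", "index")
assert ShiroSecurityFilters.isPublic("signup", null)       // /signup, default action
assert !ShiroSecurityFilters.isPublic("signup", "delete")  // unlisted action stays protected
assert !ShiroSecurityFilters.isPublic("admin", "index")    // unlisted controller stays protected
assert ShiroSecurityFilters.isPublic(null, null)           // direct view
```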
