1. 技术文章
  2. how to detect whether a uri is allow by shiro or extract controller name from uri

how to detect whether a uri is allow by shiro or extract controller name from uri

我怕爱的太早我们不能终老 提交于 2019-12-13 02:37:47

问题


i have a uri such as someController/someAction?param1=aa&param2=bb

is there some method of grails can extract controller name and action name from this uri.

or shiro has any method to detect this uri is permitted?

i have a domain Menu(name,url), and now want to get the menu list which is permitted for current user.

url such as /auth/login(may be mapping as user:login), /user/login

so 2 days ago i ask this question.

now i change the menu to (name,controller,action,param),and filter the menulist like this:

def subject = SecurityUtils.subject;
menuList.each{
  if(it.permission){
     def perm = shiroPermissionResolver.resolvePermission("${it.permission.controller}:${it.permission.action}")
     def isPermitted = subject.isPermitted(perm)
     println "$isPermitted -> ${it.permission.controller}:${it.permission.action}"
  }
}

sorry for my poor english,and thanks for reply.

btw,here is another question of how to cache shiro: how to use cache permissions in grails shiro

To proflux: so what do u think is the better way to store menulist? cause:

  1. it need to show different menu to user due to their permissions.
  2. sometime we update a webapp, but want to show menu to user later. so we only need to change such as a menu.visible. (better than change hard code cfg or source).
  3. we areusing extjs to show the menu(so nav plugin cant use).

回答1:


Shiro uses the convention of $controller:$action for permissions. You have two options:

  1. Use the Shiro Tags
  2. Use the Shiro API directly

In the first case, in your GSP you can add something like:

<shiro:hasPermission permission="someController:someAction">
     <g:link...>
</shiro:hasPermission>
<shiro:lacksPermission permission="someController:someAction">
     No link
</shiro:lacksPermission>

Alternatively, you can use the <g:if...> tag and use the 

SecurityUtils.subject.isPermitted("someController:someAction")

method to directly check if the user has the necessary permission.

For more info, check out the Grails Shiro Tag Library Source and the Shiro API docs.



来源:https://stackoverflow.com/questions/4415488/how-to-detect-whether-a-uri-is-allow-by-shiro-or-extract-controller-name-from-ur

标签
grails
shiro
url-mapping
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!