Reputation: 4256
how to detect whether a uri is allow by shiro or extract controller name from uri
i have a uri such as someController/someAction?param1=aa¶m2=bb
is there some method of grails can extract controller name and action name from this uri.
or shiro has any method to detect this uri is permitted?
i have a domain Menu(name,url), and now want to get the menu list which is permitted for current user.
url such as /auth/login(may be mapping as user:login), /user/login
so 2 days ago i ask this question.
now i change the menu to (name,controller,action,param),and filter the menulist like this:
def subject = SecurityUtils.subject;
menuList.each{
if(it.permission){
def perm = shiroPermissionResolver.resolvePermission("${it.permission.controller}:${it.permission.action}")
def isPermitted = subject.isPermitted(perm)
println "$isPermitted -> ${it.permission.controller}:${it.permission.action}"
}
}
sorry for my poor english,and thanks for reply.
btw,here is another question of how to cache shiro: how to use cache permissions in grails shiro
To proflux: so what do u think is the better way to store menulist? cause:
- it need to show different menu to user due to their permissions.
- sometime we update a webapp, but want to show menu to user later. so we only need to change such as a menu.visible. (better than change hard code cfg or source).
- we areusing extjs to show the menu(so nav plugin cant use).
Upvotes: 1
Views: 1106
Answers (1)
Reputation: 3560
Shiro uses the convention of $controller:$action for permissions. You have two options:
- Use the Shiro Tags
- Use the Shiro API directly
In the first case, in your GSP you can add something like:
<shiro:hasPermission permission="someController:someAction">
<g:link...>
</shiro:hasPermission>
<shiro:lacksPermission permission="someController:someAction">
No link
</shiro:lacksPermission>
Alternatively, you can use the <g:if...> tag and use the
SecurityUtils.subject.isPermitted("someController:someAction")
method to directly check if the user has the necessary permission.
For more info, check out the Grails Shiro Tag Library Source and the Shiro API docs.
Upvotes: 3
Related Questions
- Grails controller names and URL mappings
- Grails get url of originating controller
- Grails 2.3.8 check url mappings for string occurence
- Accessing specific controller in grails shiro plugin
- Determine the url (or controller and action names) of a request which is unauthorized with Shiro Grails plugin
- Grails: How to protect gsp views with shiro?
- how to differentiate grails url mappings
- Wild card url interception in Grails using Spring Security
- How to get the URI of a resource in Grails?
- Creating a Grails URLMapping for all methods in a controller?