Reputation: 1002
Grails: How to protect gsp views with shiro?
I am using shiro to protect my grails application, using the default setup as with
grails shiro-quick-start
and a custom user. So far, all controller actions are protected, but if I put in the URL to a GSP-File (say, index.gsp), I do not get a login prompt.
The default filter I use is
def filters = {
all(uri: "/**") {
before = {
accessControl()
}
}
}
but seemingly GSP-Files do not match this URI-Filter. What URI-Filter do I have to use? I am using grails 1.3.7 and shiro plugin 1.1.3
Upvotes: 1
Views: 723
Answers (1)
Reputation: 11012
very interesting, but seems to be a grails problem, not a shiro one.
I didn't manage to secure /object/view.gsp pages through the filters mechanism - it seems to be based on controller/action and since there is no controller involved...
But I did find another solution. Add the following line to your UrlMappings.groovy file
"/$folder/${view}.gsp"(controller:'auth', action:'login')
this will send your .gsp files through a controller.
Upvotes: 1
Related Questions
- Is there a way to prevent request from reaching the action in grails using filters
- Grails security filter all action but except one
- Restricting a page view using spring security in a grails application
- how to implement Shiro Security of Grails in my Project
- Grails security filter and /index.gsp
- How to prevent direct access to *.gsp pages in Grails
- how to restrict action in grails shiro security
- Grails filters: can't make it work !
- Secure some, but not all pages in a Grails application with the Shiro plugin
- Using Shiro to secure services in grails