Daniel,

Thanks for the help ... I was feeling a bit NOOBish ... and you know that
ain't a good feeling.

My first and best resource in using JSecurity/Shiro was ...
http://tramuntanal.wikidot.com/jsecurityplugin

That worked and then ... I went off the deep end, trying to build Shiro from
source and not use the plugin ... I'm obviously not ready for that yet.

So, I'm back to using the plugin and things are working great.

Yeah. I had renamed "SecurityFilters" ... Where is that name specified?? 
... anyway, renaming my configuration file back to "SecurityFilters" made
everything better.

Below is my "SecurityFilters.groovy" file ...

======================================

/**
 *
 * @author virtuola
 */

class SecurityFilters {

    def filters = {
        // Ensure that all controllers and actions require an authenticated user,
        // except for the "public" controller
        auth(controller: "*", action: "*") {
            before = {
                // Exclude the "public" controller.
                if (controllerName == "public") return true
                // This just means that the user must be authenticated. He does
                // not need any particular role or permission.
                accessControl { true }
            }
        }

        // Creating, modifying, or deleting a coach requires the "Administrator"
        // role.
        coachEditing(controller: "coach", action: "(create|edit|save|update|delete)") {
            before = {
                accessControl {
                    role("Administrator")
                }
            }
        }

        // Showing a coach requires the "Administrator" *or* the "User" roles.
        coachShow(controller: "coach", action: "show") {
            before = {
                accessControl {
                    role("Administrator") || role("User")
                }
            }
        }
    }

}

======================================

I noticed that you had a misspelling in your example below ... does that
work?? ... It seems to me that the Class is hard-coded somewhere and I
couldn't find out where.... Do you know?

I am going to have simple, but effective security for my web app and it's
easy and very secure.

With passwords encrypted ... one question ... What about using SSL with
Grails?

I'm using Tomcat 6.0 as my container ... Have you ever used the Resin Java
app container ... my company uses it and it's ... stable ... but kind of
weird.

I had never heard of it before I started working on this job ... but as I
read the web site (http://www.caucho.com/) it seems that some very well
financed operations are betting the farm on it.

Any pointers on SSL, Daniel?

Another question ... you have ...

                    case 'help':
                    case 'home':

as part of your list of controllers that get a pass ... would you really
have separate controllers for "Help" or your "Home" page ... or would one
controller "Public", for instance, be sufficient for all "non-authorized"
content.

Joe Terry
www.ScoreEZ.com





Daniel J. Lauk wrote:
> 
>> I've created a new grails project .... installed the shiro plugin ... and
>> it's mostly working ... no source, for now.
> 
> Mostly working sounds good... or bad... depends on your schedule and
> the blood pressure of your manager, I guess :-)
> 
>> I just need to figure out how I had it filtering every request and if not an
>> authenticated user, going to the controller "public" and action "index".
>>
>> I have the Filter that worked, but somehow it's not configured properly to
>> work now, but at least no more dreaded stack traces.
> 
> Well, the classic grails plugin way to do this is something along the
> lines of:
> 
> // grails-app/conf/SecurityFilters.groovy
> 
> class SecuirtyFilters {
> 
>     def filters = {
> 
>         // require authentication for all controllers, except
>         // 'auth', 'home', and 'help'
>         auth(controller: '*', action: '*') {
>             before = {
>                 switch (controllerName) {
>                     case 'auth':
>                     case 'help':
>                     case 'home':
>                         return true
>                 }
> 
>                 accessControl { true }
>             }
>         }
> 
>         // more filters here ...
> 
>     }
> 
> }
> 
> 
> HTH
> 
> Cheers,
> DJ
> 
> 

-- 
View this message in context: 
http://n2.nabble.com/Shiro-Source%2C-Custom-DB-Architechture-and-Grails-...-tp3421870p3435203.html
Sent from the Shiro User mailing list archive at Nabble.com.