Thanks Peter,
I uninstalled JSecurity and installed Shiro plugin version 1.0.1
I run the command:
grail quick-start
I noticed that the plugin create just two domain classes, ShiroUser and
ShiroRole
Old versions of the plugin produces more domain classes like Permission,
UserRoleRel, UserPermissionRel
Does Shrio 1.0.1 favor string based permissions in ShiroUser/ShiroRole
instead of separate domain classes?
Thanks again Peter and thanks for your time.
Peter Ledbrook-2 wrote:
>
>> I have many Grails books but most of them discuss JSecurity plugin and
>> each
>> book cover it differently.
>
> Examples that cover the JSecurity plugin should apply to the Shiro
> plugin too. The most obvious difference is in the package names for
> the JSecurity/Shiro classes.
>
>> Our system uses the usual suspects: User, Role, Permission,
>> UserPermissionRel
>> I have to secure both, the controller and parts of GSP
>> I created the Realm file by following the source code of some Grails
>> books.
>> Now the security filter, would you please tell me what should be in it?
>> Why we need security filter in the first place?
>
> The Shiro plugin integrates with standard Grails filters to protect
> your application's pages. If you're not sure what Grails filters are,
> please read the Grails user guide.
>
> For Shiro, you need to implement "before" interceptors like so:
>
> class SecurityFilters {
> def filters = {
> all(controller: "*", action: "*") {
> before = {
> accessControl {
> role("Administrator")
> }
> }
> }
> }
> }
>
> The only bit specific to Shiro is the "accessControl" method. The
> above will ensure that only someone with the "Administrator" role can
> access the application's pages (since the filter applies to all
> controllers and actions).
>
> If you have fairly simple requirements, a better approach is to follow
> the quick-start guide on the plugin page:
>
> http://www.grails.org/plugin/shiro
>
> If you do follow those instructions, be sure to clear your script
> cache first (~/.grails/<grailsVersion>/scriptCache). Once you have
> installed the new realm and SecurityFilters class, you can open up
> your application by assigning permission to users or roles.
>
> Say you have a "book" controller and a user called "dilbert". You can
> give dilbert access to the book controller by assigning the
> appropriate permission:
>
> def user = SecUser.findByUsername("dilbert")
> user.addToPermissions("book")
> user.save()
>
> The above will allow dilbert to access all book actions. You can limit
> the actions by specifying a slightly different permission:
>
> user.addToPermissions("book:list,show")
>
>> Should my controllers implements one of Shiro interfaces?
>
> No.
>
> Hope that helps,
>
> Peter
>
>
--
View this message in context:
http://n2.nabble.com/I-need-clarification-and-help-with-Shiro-Grails-plugin-tp4126221p4126607.html
Sent from the Shiro User mailing list archive at Nabble.com.
