When I use @RequiresPermissions, I get a "cannot resolve symbol 'RequiresPermissions'" error. I have imported org.apache.shiro.authz.annotation.RequiresPermissions.

The annotation is used as @RequiresPermissions("module:books:list")

My auth class:

    import org.apache.shiro.SecurityUtils
    import org.apache.shiro.authc.AuthenticationException
    import org.apache.shiro.authc.UsernamePasswordToken
    import org.apache.shiro.web.util.SavedRequest
    import org.apache.shiro.web.util.WebUtils

    class AuthController {
        def shiroSecurityManager

        def index = { redirect(action: "login", params: params) }

        def login = {
            return [ username: params.username, rememberMe: (params.rememberMe != null), targetUri: params.targetUri ]
        }

        def signIn = {
            def authToken = new UsernamePasswordToken(params.username, params.password as String)

            // Support for "remember me"
            if (params.rememberMe) {
                authToken.rememberMe = true
            }

            // If a controller redirected to this page, redirect back
            // to it. Otherwise redirect to the root URI.
            def targetUri = params.targetUri ?: "/"

            // Handle requests saved by Shiro filters.
            SavedRequest savedRequest = WebUtils.getSavedRequest(request)
            if (savedRequest) {
                targetUri = savedRequest.requestURI - request.contextPath
                if (savedRequest.queryString) targetUri = targetUri + '?' + savedRequest.queryString
            }

            try {
                // Perform the actual login. An AuthenticationException
                // will be thrown if the username is unrecognised or the
                // password is incorrect.
                SecurityUtils.subject.login(authToken)

                log.info "Redirecting to '${targetUri}'."
                redirect(uri: targetUri)
            }
            catch (AuthenticationException ex) {
                // Authentication failed, so display the appropriate message
                // on the login page.
                log.info "Authentication failure for user '${params.username}'."
                flash.message = message(code: "login.failed")

                // Keep the username and "remember me" setting so that the
                // user doesn't have to enter them again.
                def m = [ username: params.username ]
                if (params.rememberMe) {
                    m["rememberMe"] = true
                }

                // Remember the target URI too.
                if (params.targetUri) {
                    m["targetUri"] = params.targetUri
                }

                // Now redirect back to the login page.
                redirect(action: "login", params: m)
            }
        }

        def signOut = {
            // Log the user out of the application.
            SecurityUtils.subject?.logout()
            webRequest.getCurrentRequest().session = null

            // For now, redirect back to the home page.
            redirect(uri: "/")
        }

        def unauthorized = {
            render "You do not have permission to access this page."
        }
    }

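My application runs, but when I log in with the user I set up, it sends me straight to the unauthorized page. I have already granted the user some permissions.

Answer 0 (score: 1)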
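If you look at the Javadoc for the annotation (or the source code), you will see that it is allowed on types (class level) and methods (@Target(value={TYPE,METHOD})). You define your controller actions as closures, which Grails 2.0+ still supports, but methods are now preferred. You cannot use that annotation on closures because they are not methods, even though Grails and Groovy let you use them like methods. If the Target annotation included FIELD along with the other types it would work, but it doesn't, because the Shiro library doesn't directly support closures in Grails controllers.

So change all of your actions from closures to methods, e.g.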

    def index() { redirect(action: "login", params: params) }

    def login() {
        ...
    }
    ....

Then you can annotate them.
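
The target restriction described in the answer can be checked mechanically. The Groovy script below is an added example, not code from the question or the answer: it audits a controller class and reports which actions are methods (and whether they declare a permission) and which are closures that cannot carry the annotation. `RequiresPerm`, `BookController` and `auditActions` are hypothetical names; `RequiresPerm` is a stand-in with the same `@Target` as Shiro's annotation so the script runs without Shiro on the classpath.

```groovy
import java.lang.annotation.*
import java.lang.reflect.Modifier

// Stand-in (hypothetical name) with the same targets as Shiro's
// @RequiresPermissions, so the script runs without Shiro on the classpath.
@Retention(RetentionPolicy.RUNTIME)
@Target([ElementType.TYPE, ElementType.METHOD])
@interface RequiresPerm { String[] value() }

// Constructed sample controller: one method action, one closure action.
class BookController {
    @RequiresPerm("module:books:list")
    def list() { "books" }

    // Annotating this property would not compile: a closure action is a
    // field, and FIELD is not among the annotation's targets.
    def delete = { "deleted" }
}

// Map each action name to how it is defined and what permissions it declares.
def auditActions(Class controller) {
    def instance = controller.getDeclaredConstructor().newInstance()
    def props = instance.properties
    // Property getters (getDelete, getMetaClass, ...) are not actions.
    def accessors = props.keySet().collect { 'get' + it.capitalize() } as Set
    def report = [:]

    controller.declaredMethods.findAll { m ->
        !m.synthetic && Modifier.isPublic(m.modifiers) && !Modifier.isStatic(m.modifiers) &&
            m.parameterCount == 0 && !(m.name in accessors)
    }.each { m ->
        def ann = m.getAnnotation(RequiresPerm)
        report[m.name] = ann ? "method, requires ${ann.value().toList()}" :
                               "method, no permission annotation"
    }
    props.findAll { it.value instanceof Closure }.each { name, value ->
        report[name] = "closure, cannot carry the annotation: convert to a method"
    }
    report
}

auditActions(BookController).each { name, finding -> println "${name}: ${finding}" }
```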