shiro注释不适用于grails。谁能告诉我什么是错的?

时间:2015-01-11 02:50:44

标签: grails shiro

当我使用@RequiresPermissions时,我无法解析符号'RequiresPermissions'错误。我已导入org.apache.shiro.authz.annotation.RequiresPermissions。 注释用作@RequiresPermissions("module:books:list")

我的授权类

class AuthController {

    def shiroSecurityManager

    def index = { redirect(action: "login", params: params) }

    def login = {
        return [ username: params.username, rememberMe: (params.rememberMe != null), targetUri: params.targetUri ]
    }

    def signIn = {
        def authToken = new UsernamePasswordToken(params.username, params.password as String)

        // Support for "remember me"
        if (params.rememberMe) {
            authToken.rememberMe = true
        }

        // If a controller redirected to this page, redirect back
        // to it. Otherwise redirect to the root URI.
        def targetUri = params.targetUri ?: "/"

        // Handle requests saved by Shiro filters.
        SavedRequest savedRequest = WebUtils.getSavedRequest(request)
        if (savedRequest) {
            targetUri = savedRequest.requestURI - request.contextPath
            if (savedRequest.queryString) targetUri = targetUri + '?' + savedRequest.queryString
        }

        try{
            // Perform the actual login. An AuthenticationException
            // will be thrown if the username is unrecognised or the
            // password is incorrect.
            SecurityUtils.subject.login(authToken)

            log.info "Redirecting to '${targetUri}'."
            redirect(uri: targetUri)
        }
        catch (AuthenticationException ex){
            // Authentication failed, so display the appropriate message
            // on the login page.
            log.info "Authentication failure for user '${params.username}'."
            flash.message = message(code: "login.failed")

            // Keep the username and "remember me" setting so that the
            // user doesn't have to enter them again.
            def m = [ username: params.username ]
            if (params.rememberMe) {
                m["rememberMe"] = true
            }

            // Remember the target URI too.
            if (params.targetUri) {
                m["targetUri"] = params.targetUri
            }

            // Now redirect back to the login page.
            redirect(action: "login", params: m)
        }
    }

    def signOut = {
        // Log the user out of the application.
        SecurityUtils.subject?.logout()
        webRequest.getCurrentRequest().session = null

        // For now, redirect back to the home page.
        redirect(uri: "/")
    }

    def unauthorized = {
        render "You do not have permission to access this page."
    }
}

我的应用程序运行但是当我使用我设置的用户登录时,它直接将我发送到未经授权的页面。我已经允许用户获得一些权限。

1 个答案:

答案 0 :(得分:1)

如果您查看the Javadoc注释(或源代码),您会看到允许将其分配给类型(类级别)和方法(@Target(value={TYPE,METHOD}))。您将控制器操作定义为闭包,Grails 2.0+仍然支持这些闭包,但现在首选方法。你不能在闭包上使用那个注释,因为它们不是方法,即使Grails和Groovy让你像方法一样使用它们。如果Target注释包含FIELD以及其他类型,它会起作用,但它不会,因为Shiro库不直接支持Grails控制器中的闭包。

因此,将所有操作从闭包更改为方法,例如

def index() { redirect(action: "login", params: params) }

def login() {
   ...
}

....

然后你可以注释它们。