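Excluding URLs from a filter in Shiro

Time: 2017-04-26 12:01:38

Tags: authentication grails shiro

I have multiple URLs for which I need to perform machine-to-machine (MToM) authentication, as well as some URLs that do not require authentication. How can I exclude URLs from needing authentication? My code looks like this...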

import org.apache.shiro.SecurityUtils
import org.apache.shiro.authc.AuthenticationException
import org.apache.shiro.authc.IncorrectCredentialsException
import org.apache.shiro.authc.LockedAccountException
import org.apache.shiro.authc.UnknownAccountException

class MToMFilters {

    def filters = {

        all(uri: "/api/mtom/**") {
            before = {
                // Stop the request when the MToM login failed (the error is already rendered)
                if (!validateRequest())
                    return false
                // A boolean argument is passed by value, so the decision is made here
                // instead of through a flag set inside validateRequest()
                if (!(controllerName == 'office' && actionName == 'hall'))
                    accessControl()
            }
        }

        allUser(uri:"/user/**"){
            before = {
                if (
                    !(controllerName == 'office' && actionName == 'hall') &&
                    !(request.forwardURI.contains("/api/"))
                ) {
                    accessControl()
                }
            }
        }

    }

    // Logs the machine client in through Shiro; returns true only on success
    boolean validateRequest(){
        def isValidRequest = false
        MToMToken authToken = new MToMToken(username:"xyz")
        try {
            SecurityUtils.subject.login(authToken)
            isValidRequest = true
            //if no exception, that's it, we're done!
        } catch ( UnknownAccountException uae ) {
            //username wasn't in the system, show them an error message?
            log.error uae
        } catch ( IncorrectCredentialsException ice ) {
            //password didn't match, try again?
            log.error ice
        } catch ( LockedAccountException lae ) {
            //account for that username is locked - can't login.  Show them a message?
            log.error lae
        } catch ( AuthenticationException ae ) {
            //unexpected condition - error?
            log.error ae
        }

        if(!isValidRequest) {
            render(contentType: "application/json") {
                def err = new Error(statusCode:4001, statusMessage:"Invalid source client or Request was tempered.")
                new Response(error: [err], statusCode:4001, statusMessage:"Invalid source client or Request was tempered.")
            }
            return false
        }

        log.info "User authenticated successfully!"
        log.info "isValidRequest: "+isValidRequest
        return true
    }

}

I have one URL that should not go through authentication: /api/mtom/abcd

0 answers:

No answers
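
One way to leave /api/mtom/abcd out of the MToM check, as an added example that is not part of the original post and not the Shiro plugin's own code: it assumes Grails 2.x filters, whose `uriExclude` option takes an Ant-style path, and reuses the post's `MToMToken` class. The names `MToMExcludeFilters` and `loginMachineClient` are hypothetical, and answering a failed login with HTTP 401 is an assumption.

```groovy
import org.apache.shiro.SecurityUtils
import org.apache.shiro.authc.AuthenticationException

// Added example; MToMExcludeFilters and loginMachineClient are hypothetical names.
class MToMExcludeFilters {

    def filters = {
        // uriExclude is an Ant-style path: list the public URL exactly.
        // A wildcard here would also open every path beneath it.
        mtom(uri: "/api/mtom/**", uriExclude: "/api/mtom/abcd") {
            before = {
                if (!loginMachineClient()) {
                    // Fail closed: reject and stop the filter chain
                    // (the 401 status is an assumption of this example).
                    response.sendError(401)
                    return false
                }
                // office/hall stays exempt from accessControl(), as in the post.
                if (!(controllerName == 'office' && actionName == 'hall')) {
                    return accessControl()
                }
                return true
            }
        }
    }

    // Returns true only when Shiro accepts the machine-to-machine token.
    def loginMachineClient() {
        try {
            // MToMToken and the "xyz" username come from the post.
            SecurityUtils.subject.login(new MToMToken(username: "xyz"))
            return true
        } catch (AuthenticationException ae) {
            // Parent class of the unknown-account, wrong-credentials
            // and locked-account exceptions.
            log.error "MToM authentication failed", ae
            return false
        }
    }
}
```

Every other path under /api/mtom/** still requires the login, so a new unauthenticated endpoint has to be added to the exclusion explicitly.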