2 Usage - Reference Documentation
Authors: Burt Beckwith
Version: 1.0.0
2 Usage
The first step is to add a dependency for the plugin in BuildConfig.groovy:

    plugins {
       …
       compile ':spring-security-shiro:1.0.0'
    }

Permissions
To use the Shiro annotations and methods you need a way to associate roles and permissions with users. The Spring Security Core plugin already handles the role part for you, so you must configure permissions for this plugin. There is no script to create a domain class, but it's a very simple class and easy to create yourself. It can have any name and be in any package, but otherwise the structure must look like this:

    package com.mycompany.myapp

    class Permission {
       User user
       String permission

       static constraints = {
          permission unique: 'user'
       }
    }

Register the class name in Config.groovy using the grails.plugin.springsecurity.shiro.permissionDomainClassName property, e.g.

    grails.plugin.springsecurity.shiro.permissionDomainClassName = 'com.mycompany.myapp.Permission'

Alternatively, implement the grails.plugin.springsecurity.shiro.ShiroPermissionResolver interface, and define the Set<String> resolvePermissions(String username) method any way you like. Register your bean as the shiroPermissionResolver bean in resources.groovy, for example

    import com.mycompany.myapp.MyShiroPermissionResolver

    beans = {
       shiroPermissionResolver(MyShiroPermissionResolver)
    }

Annotated service methods
Currently only Grails services and other Spring beans can be annotated, so this feature isn't available in controllers. You can use any of RequiresAuthentication, RequiresGuest, RequiresPermissions, RequiresRoles, and RequiresUser. See the Shiro documentation and Javadoc for the annotation syntax.
Using Shiro directly
You should use the annotations to keep from cluttering your code with explicit security checks, but the standard Subject methods will work:

    import org.apache.shiro.SecurityUtils
    import org.apache.shiro.subject.Subject
    ...
    Subject subject = SecurityUtils.getSubject()

    // check* methods throw an AuthorizationException when the check fails
    subject.checkPermission('printer:print:lp7200')
    subject.checkRole('ROLE_ADMIN')

    // is*/has* methods return a boolean and never throw on denial
    subject.isPermitted('printer:print:lp7200')
    subject.hasRole('ROLE_ADMIN')
    subject.isAuthenticated()
    … etc
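
A custom permission resolver and an annotated service that fit the Permissions and Annotated service methods sections, as an added example that is not part of the plugin's documentation. The role-to-permission table, PrinterService and the 'printer:manage:lp7200' string are constructed, and User is assumed to be the Spring Security Core domain class with a username property and a getAuthorities() method.

```groovy
// Added example; in a Grails app each class lives in its own file.
package com.mycompany.myapp

import grails.plugin.springsecurity.shiro.ShiroPermissionResolver
import org.apache.shiro.authz.annotation.Logical
import org.apache.shiro.authz.annotation.RequiresPermissions

// src/groovy/com/mycompany/myapp/MyShiroPermissionResolver.groovy
class MyShiroPermissionResolver implements ShiroPermissionResolver {

   // Constructed role-to-permission table (an assumption, not plugin data).
   private static final Map<String, List<String>> ROLE_PERMISSIONS = [
      ROLE_ADMIN: ['printer:print:lp7200', 'printer:manage:lp7200'],
      ROLE_USER : ['printer:print:lp7200']
   ].asImmutable()

   Set<String> resolvePermissions(String username) {
      // Fail closed: a blank or unknown username resolves to no permissions.
      User user = username ? User.findByUsername(username) : null
      if (!user) {
         return Collections.emptySet()
      }
      Set<String> permissions = [] as Set
      // Assumes getAuthorities() returns roles exposing an 'authority' name.
      for (role in user.authorities) {
         // A role missing from the table grants nothing.
         permissions.addAll(ROLE_PERMISSIONS[role.authority] ?: [])
      }
      permissions.asImmutable()
   }
}

// grails-app/services/com/mycompany/myapp/PrinterService.groovy (hypothetical)
class PrinterService {

   // The caller must hold this permission for the method to run.
   @RequiresPermissions('printer:print:lp7200')
   void printDocument(String document) {
      // ... send the document to the printer
   }

   // Either permission is sufficient; the default Logical.AND requires both.
   @RequiresPermissions(value = ['printer:print:lp7200', 'printer:manage:lp7200'],
                        logical = Logical.OR)
   String status() {
      'idle'
   }
}
```

The resolver still has to be registered as the shiroPermissionResolver bean in resources.groovy before the plugin will use it.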