我正在将现有应用程序从Grails 2.4.4升级到Grails 3.2.8。我试图从Grails shiro插件迁移到Grails spring-security-shiro插件。我想在布局模板GSP中执行正常的登录检查,除了访问登录的用户。
这是我以前在布局GSP
之前拥有的main.gsp
<g:if test="${shiro.principal()}">
Welcome back
<g:link controller="account" action="profile">
<shiro:principal/>
</g:link>|
<g:link controller="auth" action="signOut" class="navbar-brand">Logout</g:link>
</g:if>
<g:else>
<g:link controller="auth" action="login" class="navbar-brand">Login</g:link>
</g:else>
我最终使用Spring Security Core的API执行我需要的功能。我还需要创建自定义登录屏幕,这是可以预期的。您可能只需使用自定义权限逻辑就可以跳到Spring Security。请参阅下面。
http://grails-plugins.github.io/grails-spring-security-core/3.2.x/index.html#securitytaglib
<sec:ifLoggedIn>
Welcome back
<g:link controller="account" action="profile">
<sec:username/>
</g:link>|
<g:link controller="logout">Logout</g:link>
</sec:ifLoggedIn>
<sec:ifNotLoggedIn>
<g:link controller="auth" action="your_custom_login">Login</g:link>
</sec:ifNotLoggedIn>
权限逻辑
我根据建议的权限从严格的基于字符串的权限转换为权限对象
account.groovy
static hasMany = [ permissions: Permission ]
许可
class Permission {
Account account
String permission
static constraints = {
}
}
如何使用:
def permission = accountInstance.permissions.find {
it.permission == "account:customer_profile:${accountInstance.id}"
}
if (!permission){
flash.message = "You do not have permission to access this..."
redirect(controller:'controller', action:'index')
return
}