Grails request filters: what's the source of this mysterious authorization method?
I'm building a custom authentication filter class in Grails. It's working, but it bugs me that I don't know why it's working.
In the following Grails request filter, where/how is the "role" method defined? It's got to be part of the Nimble plugin for Grails, but I don't see it in NimbleFilterBase, which my filter class extends.
public class MySecurityFilters extends MyCustomExtensionOfNimbleFilterBase {
def filters = {
reports(controller: 'foo开发者_开发技巧', action: 'bar') {
before = {
accessControl {
role('Administrator')
}
}
}
Also, what exactly is the "accessControl" block? Is that a built-in part of Grails, or something Nimble somehow provides, or just a random scoping mechanism that I could get rid of?
Thanks!
Nimble uses Shiro and these are Shiro features. See the docs at http://grails.org/plugin/shiro
The accessControl method is wired into the MetaClass by ShiroGrailsPlugin in doWithDynamicMethods() - see http://plugins.grails.org/grails-shiro/trunk/ShiroGrailsPlugin.groovy
The role method is defined in http://plugins.grails.org/grails-shiro/trunk/src/groovy/org/apache/shiro/grails/FilterAccessControlBuilder.groovy
The links above are no longer valid.
These are current:
https://github.com/pledbrook/grails-shiro/blob/master/ShiroGrailsPlugin.groovy#L221
https://github.com/pledbrook/grails-shiro/blob/master/src/groovy/org/apache/shiro/grails/FilterAccessControlBuilder.groovy#L39
精彩评论