Grails request filters: what's the source of this mysterious authorization method?_问答_开发者

Grails request filters: what's the source of this mysterious authorization method?

开发者 https://www.devze.com 2023-02-28 10:48 出处：网络

I\'m building a custom authentication filter class in Grails.It\'s working, but it bugs me that I don\'t know why it\'s working.

I'm building a custom authentication filter class in Grails. It's working, but it bugs me that I don't know why it's working.

In the following Grails request filter, where/how is the "role" method defined? It's got to be part of the Nimble plugin for Grails, but I don't see it in NimbleFilterBase, which my filter class extends.

public class MySecurityFilters extends MyCustomExtensionOfNimbleFilterBase {
    def filters = {
        reports(controller: 'foo开发者_开发技巧', action: 'bar') {
            before = {
                accessControl {
                    role('Administrator')
                }
            }
        }

Also, what exactly is the "accessControl" block? Is that a built-in part of Grails, or something Nimble somehow provides, or just a random scoping mechanism that I could get rid of?

Thanks!

Nimble uses Shiro and these are Shiro features. See the docs at http://grails.org/plugin/shiro

The accessControl method is wired into the MetaClass by ShiroGrailsPlugin in doWithDynamicMethods() - see http://plugins.grails.org/grails-shiro/trunk/ShiroGrailsPlugin.groovy

The role method is defined in http://plugins.grails.org/grails-shiro/trunk/src/groovy/org/apache/shiro/grails/FilterAccessControlBuilder.groovy

The links above are no longer valid.

These are current:

https://github.com/pledbrook/grails-shiro/blob/master/ShiroGrailsPlugin.groovy#L221

https://github.com/pledbrook/grails-shiro/blob/master/src/groovy/org/apache/shiro/grails/FilterAccessControlBuilder.groovy#L39