我正在使用 shiro 来保护我的 grails 应用程序,使用默认设置
grails shiro-quick-start
和自定义用户。到目前为止,所有控制器操作都受到保护,但是如果我将 URL 输入到 GSP 文件(例如 index.gsp),我不会收到登录提示。
我使用的默认过滤器是
def filters = {
all(uri: "/**") {
before = {
accessControl()
}
}
}
但看似 GSP-Files 与此 URI-Filter 不匹配。我必须使用什么 URI 过滤器?我正在使用 grails 1.3.7 和 shiro 插件 1.1.3
very interesting, but seems to be a grails problem, not a shiro one.
I didn't manage to secure /object/view.gsp pages through the filters mechanism - it seems to be based on controller/action and since there is no controller involved...
But I did find another solution. Add the following line to your UrlMappings.groovy file
"/$folder/${view}.gsp"(controller:'auth', action:'login')
this will send your .gsp files through a controller.