Authentication 从grails中shiro中的过滤器中排除URL
我有多个url,需要进行机器对机器(MToM)身份验证,还有一些url不需要身份验证。如何排除需要进行身份验证的URL。 我的代码看起来像这样Authentication 从grails中shiro中的过滤器中排除URL,authentication,grails,shiro,Authentication,Grails,Shiro,我有多个url,需要进行机器对机器(MToM)身份验证,还有一些url不需要身份验证。如何排除需要进行身份验证的URL。 我的代码看起来像这样 class MToMFilters { def filters = { all(uri: "/api/mtom/**") { before = { boolean isAccessControl = false validateReque
class MToMFilters {
def filters = {
all(uri: "/api/mtom/**") {
before = {
boolean isAccessControl = false
validateRequest(controllerName,actionName,isAccessControl)
if(isAccessControl)
accessControl()
}
}
allUser(uri:"/user/**"){
before = {
if (
!(controllerName == 'office' && actionName == 'hall') &&
!(request.forwardURI.contains("/api/"))
) {
accessControl()
}
}
}
}
def validateRequest(String controllerName,String actionName,boolean isAccessControl){
def isValidRequest = false
MToMToken authToken = new MToMToken(username:"xyz")
try {
SecurityUtils.subject.login(authToken)
isValidRequest = true
//if no exception, that's it, we're done!
} catch ( UnknownAccountException uae ) {
//username wasn't in the system, show them an error message?
log.error uae
} catch ( IncorrectCredentialsException ice ) {
//password didn't match, try again?
log.error ice
} catch ( LockedAccountException lae ) {
//account for that username is locked - can't login. Show them a message?
log.error lae
} catch ( AuthenticationException ae ) {
//unexpected condition - error?
log.error ae
}
if(!isValidRequest) {
render(contentType: "application/json") {
def err = new Error(statusCode:4001, statusMessage:"Invalid source client or Request was tempered.")
new Response(error: [err], statusCode:4001, statusMessage:"Invalid source client or Request was tempered.")
}
return false
}
log.info "User authenticated successfully!"
log.info "isValidRequest: "+isValidRequest
if (!(controllerName == 'office' && actionName == 'hall') && isValidRequest) {
isAccessControl = true
}
}
}