Implementing Authorization Mode with the Grails Shiro Plugin

I am trying to implement AuthorizingRealm with Grails Shiro plugin. Authentication is done with Active Directory using the plugin-generated ShiroLdapRealm class. Roles will be maintained within the application database.

So how can I integrate ShiroLdapRealm authentication with my custom authorization? It seems to me that the Grails Shiro plugin uses RealmWrapper to hide the internals of Shiro from the Grails world, and it only implements the standard Realm class, not AuthorizationRealm.

Any idea? Thank!


source to share

1 answer

I haven't worked with shiro before, but I have used the shiro plugin successfully on several projects ...

So, if you already have a working LdapRealm, copy the ShiroLdapRealm.groovy file to a safe backup location and delete it from the project ...

Next, create a shiro ( create-wildcard-realm

) wildcard scope . This will create a realm with authentication and authorization functions.

Copy the method authenticate()

from your old realm to this ...

You can now authenticate with LDAP with a valid result ShiroUser


You can assign ShiroRole

appropriate permissions to this user.

You can easily create the required roles with permissions in bootstrap and assign them to the user according to the ACLs you read from the directory service ...

hope it helps



All Articles