5 Leveraging Nimble in your application - Reference Documentation
Authors: Sudhir Nimavat
Version: 0.5.2
5 Leveraging Nimble in your application
Nimble provides a host of functionality that can be leveraged by host applications, including dynamic methods and GSP tags.

5.1 Access control

One of the core capabilities that Nimble brings to any host application is support for authorization. Nimble uses Apache Shiro for the access control process. Access control in host applications is verified in one of two ways:

- By the host application making a direct call to subject.isPermitted(), subject.hasAllRoles() or subject.hasRole()
- By a Grails filter invoking the accessControl closure.
5.1.1 Enforcing access control using filters
One of the easiest ways to add security to your host application is to configure Grails filters that control access to controllers and actions. The host application can call the accessControl closure from within filters to authorize requests. The following examples show the usage of the accessControl closure in filters.

Securing a controller action that requires an authenticated user (the closure simply returns true, so any authenticated subject is allowed through):

    secure(controller: "product", action: "edit") {
        before = {
            accessControl { true }
        }
    }

Securing a controller action that requires either a role or a specific permission:

    secure(controller: "product", action: "delete") {
        before = {
            accessControl { role("product-admin") || permission("book:delete") }
        }
    }
5.1.2 Enforcing access control directly in code
Checking for permissions or roles in application code works the same way as in Shiro.

hasRole() - checking whether the current user has a role:

    import org.apache.shiro.SecurityUtils
    import org.apache.shiro.subject.Subject

    Subject currentUser = SecurityUtils.subject
    if (currentUser.hasRole("administrator")) {
        // the current user has the administrator role
    }

hasAllRoles() - checking whether the current user has every role in a collection:

    Subject currentUser = SecurityUtils.subject
    if (currentUser.hasAllRoles(["manager", "supervisor"])) {
        // the current user has both the manager and the supervisor role
    }

isPermitted() - checking whether the current user holds a permission:

    Subject currentUser = SecurityUtils.subject
    if (currentUser.isPermitted("book:delete")) {
        // the current user may delete books
    }
5.2 Dynamic methods provided by Nimble
Nimble adds two dynamic methods, getAuthenticatedUser and getAuthenticatedSubject, to all filter, controller and service artefacts.

getAuthenticatedUser returns the currently logged-in user, or null if no user is logged in:

    def sampleAction() {
        log.debug("current user : $authenticatedUser")
    }
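As an added example that is not part of the Nimble documentation, the pieces from 5.1.1, 5.1.2 and 5.2 combined in one host application: a Grails filters class that puts a deny-by-default accessControl check in front of a product controller, and a controller action that performs an instance-level Shiro check through the getAuthenticatedSubject dynamic method. The class names, the Product domain class, the "product:*" permission strings, and the assumption that getAuthenticatedSubject returns the Shiro Subject are all mine, not the plugin's.

```groovy
// Added example, not from the Nimble reference documentation.
// ProductSecurityFilters, ProductController, Product and the "product:*"
// permission strings are assumptions made for illustration.

// grails-app/conf/ProductSecurityFilters.groovy
class ProductSecurityFilters {
    def filters = {
        // Deny by default: every action of the product controller requires an
        // authenticated subject. Filters run in declaration order, so this
        // catch-all comes first and the more specific checks below tighten it.
        productAuthenticated(controller: "product", action: "*") {
            before = { accessControl { true } }
        }
        // Updating a product requires the product:edit permission.
        productUpdate(controller: "product", action: "update") {
            before = { accessControl { permission("product:edit") } }
        }
        // Deleting requires the product-admin role or an explicit permission.
        productDelete(controller: "product", action: "delete") {
            before = {
                accessControl { role("product-admin") || permission("product:delete") }
            }
        }
    }
}

// grails-app/controllers/ProductController.groovy
class ProductController {
    def update = {
        def product = Product.get(params.id)
        if (!product) {
            response.sendError(404)
            return
        }
        // Instance-level check the filter cannot express. Shiro wildcard
        // semantics: a subject holding "product:edit" implies every
        // "product:edit:<id>", while one holding only "product:edit:42"
        // may update product 42 alone. Assumes getAuthenticatedSubject
        // returns the Shiro Subject for the current request.
        if (!authenticatedSubject.isPermitted("product:edit:${product.id}")) {
            log.warn("user ${authenticatedUser} denied update of product ${product.id}")
            response.sendError(403)
            return
        }
        product.properties = params
        product.save(flush: true)
        redirect(action: "show", id: product.id)
    }
}
```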