有没有办法在 Grails 的 Shiro 过滤器中获取客户端/调用者的 IP 地址
抱歉,如果这是一个愚蠢的问题。我有一些在 Grails 控制器中实现的 Web 服务调用,并且我们使用 Shiro 插件来确保安全。我希望能够为某些操作创建 IP 地址白名单,这些操作只能来自我们自己的服务器或值得信赖的合作伙伴。我发现关于这个主题的文档有点多余。我的第一个想法是尝试在这里实施白名单。如果有更简单的方法来做到这一点,我不会感到惊讶。我是一位 Shiro 新手。肯定可以使用 Shiro for Dummies 的副本!
class ShiroSecurityFilters {
def filters = {
all(uri: "/**") {
before = {
// Ignore direct views (e.g. the default main index page).
if (controllerName in ['foo', 'bar']) {
return true
}
// Access control by convention.
accessControl()
}
}
}
}
sorry if this is a dumb question. I have some web service calls that are implemented in Grails controllers and we use the Shiro plugin for security. I want to be able to create a whitelist of IP addresses for certain operations that should only come from our own servers or trusted partners. I am finding the documentation a little spares on this subject. My first thought was to try and implement the whitelist here. I wouldn't be surprised if there is a simpler way to do this. I am a bit of a Shiro newb. Could sure use a copy of Shiro for Dummies!
class ShiroSecurityFilters {
def filters = {
all(uri: "/**") {
before = {
// Ignore direct views (e.g. the default main index page).
if (controllerName in ['foo', 'bar']) {
return true
}
// Access control by convention.
accessControl()
}
}
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您应该有权访问过滤器中的
request对象,并且可以调用request.getRemoteAddr()来访问 IP 地址。You should have access to the
requestobject in the Filter and you can callrequest.getRemoteAddr()to access the IP address.