jsecurity : how to setup permission from database ?

Question

Hi,

I'm using Jsecurity plugins on Grails and I would like to know how to setup permission for each page from the database if possible.

it's like to store the following rules:

/home/edit/* for Admin /home/*
for Users /administrator/* for Admin /menu/* for Admin, Staff Admin

etc ...

at the moment, we did it in the conf/SecurityFilters.groovy like the following

menuEditing(controller:"menu"){
    before = {
        accessControl {
            role("Administrator");
        }
    }
}

is it possible to store the rules on database instead of writing on Security Filters ?

ps: i think jsecurity changes its name to Apahce Shiro link text

Answer 1

You could make a userfilter which makes the jsecurity calls to checkPermission. If for example you can determine authorization from controller, action and id you could use this filter

permissionCheck() {
    before = {
        SecurityUtils.getSubject().ceckPermission("${controller}:${action}:${id}")
    }
}

and a realm which checks for this permission using the database.