Grails Spring Security Core插件重定向问题

Question

I'm using the "Spring Security Core Plugin" for Grails and am using a simple map in my Config.groovy file to restrict access based on authentication type.

For example, I want to prevent users from going to the "user/create" page because obviously you wouldn't want people to be able to create other users when they're logged in (I'm ignoring for now that managers/mods would be able to have this functionality). To accomlish this, I have

grails.plugins.springsecurity.interceptUrlMap = [
    '/user/create':  ['IS_AUTHENTICATED_ANONYMOUSLY']
 ]

The only problem is, it seems to be acting like the action:

redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl

I want it to redirect to the page it was previously on though.

ie user/list, attempt to call action create from user controller, if logged in, would reidirect back to user/list.

Any help is GREATLY appreciated.

Answer 1

I might be wrong, but I don't think you can do what you want using ['IS_AUTHENTICATED_ANONYMOUSLY'] , it won't restrict logged in user since per documentation

The token accepts any authentication, even anonymous.

Why not just put something like

//in user controller
def create() {
  if(springSecurityService.currentUser) {
    //let them know they're already logged in
    flash.message = message(code: 'your.....message')
    redirect(action: "list")
  }

  //else take them to create form
  ...
}

Answer 2

Also change 'IS_AUTHENTICATED_ANONYMOUSLY' to 'permitAll'. and use the if statement.