GRAILS Spring安全性插件
[英]GRAILS Spring Security Plugins
问题描述
I am using spring security plugin for my grails app, but I have a requirement to pre-process the username before authentication, for example if user enters "domain\\username", I only need to remove domain. 
我正在为grails应用程序使用spring security插件,但是我需要在身份验证之前预处理用户名,例如,如果用户输入“ domain \\ username”,则只需要删除域即可。
I am using these plugins 我正在使用这些插件
compile ":spring-security-core:2.0-RC5"
compile ":spring-security-ldap:2.0-RC2"
Also, I cannot add a custom form, I need to use basic auth for this.Thanks. 另外,我无法添加自定义表单,为此我需要使用基本身份验证。
2 个解决方案
解决方案1
0 2015-08-05 21:51:45
I haven't done this myself, but I can give you a glimpse of what you need to do. 我自己还没有做过,但是我可以给您一瞥您需要做的事情。
The LoginController doesn't handle the HTTP POST that comes from the login form. LoginController不处理来自登录表单的HTTP POST。 As you can see in the auth method here , the HTTP POST url comes from a configuration entry. 正如你可以在身份验证方法看这里 ,在HTTP POST URL来自一个配置项。 The URL is probably /j_spring_security_check. 该URL可能是/ j_spring_security_check。 That URL corresponds to a Spring Security filter, not a Grails controller method. 该URL对应于Spring Security过滤器,而不是Grails控制器方法。 Essentially, you'll need to set up a filter that intercepts /j_spring_security_check and strips off the domain from the username. 本质上,您需要设置一个过滤器来拦截/ j_spring_security_check并从用户名中剥离域。
There's plenty to learn about these filters. 关于这些过滤器有很多要学习的知识。 I'm still figuring it all out, but a good resource is the Spring Security Reference . 我仍然在想办法,但是Spring Security Reference是一个很好的资源。 The Twitter Auth plugin subclasses AbstractAuthenticationProcessingFilter , implements attemptAuthentication() , and then registers the filter using SpringSecurityUtils.registerFilter() . Twitter Auth插件子类化AbstractAuthenticationProcessingFilter ,实现tryAuthentication() ,然后使用SpringSecurityUtils.registerFilter() 注册过滤器。
解决方案2
0 2015-08-06 22:16:23
我可以通过重写BasicAuthenticationFilter并根据需要将doFilter()方法更改为自定义方法来解决此问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.