
Grails 1.3.5 and Spring Security Core

I have built a Grails application which, on login, redirects users to different URLs based on the user's role (custom roles defined in the roles domain). Now I am trying to integrate the Spring Security Core Grails plugin into the application, so I plan to use the plugin's domain model.

I understand the auth action in LoginController does the user login validation and, if the user is logged in, then redirects to the default target URI. My question is: how can I know if the user logging in is of type ROLE_ADMIN or ROLE_USER or any other role? How can I check the authority here and then redirect to different URIs?

I would also like to know how the user validation is done, i.e. how and where the username and password are validated against the database in Spring Security?

Thank you. Jay Chandran.

The redirect happens in org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler, but the plugin extends this class in org.codehaus.groovy.grails.plugins.springsecurity.AjaxAwareAuthenticationSuccessHandler to support Ajax logins.

If you want to customize the redirect location based on roles, I'd subclass AjaxAwareAuthenticationSuccessHandler and override onAuthenticationSuccess(). You'll have access to the Authentication, so you can inspect the granted authorities and determine where to go based on those.

Then replace the plugin's bean with yours in resources.groovy:

import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

beans = {
   authenticationSuccessHandler(MyAuthenticationSuccessHandler) {
      def conf = SpringSecurityUtils.securityConfig

      requestCache = ref('requestCache')
      redirectStrategy = ref('redirectStrategy')
      defaultTargetUrl = conf.successHandler.defaultTargetUrl
      alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
      targetUrlParameter = conf.successHandler.targetUrlParameter
      ajaxSuccessUrl = conf.successHandler.ajaxSuccessUrl
      useReferer = conf.successHandler.useReferer
   }
}
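
A sketch of the MyAuthenticationSuccessHandler class that the bean definition above refers to, added here as an example and not part of the original answer. The role-to-URL map and its paths are assumptions, and the class relies on the plugin's SpringSecurityUtils.isAjax() helper.

```groovy
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

import org.codehaus.groovy.grails.plugins.springsecurity.AjaxAwareAuthenticationSuccessHandler
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.security.core.Authentication

class MyAuthenticationSuccessHandler extends AjaxAwareAuthenticationSuccessHandler {

   // Assumed mapping (hypothetical paths). Iteration order is preserved, so the
   // first match wins: list the most privileged role first.
   // Targets are fixed, application-relative paths and are never read from the
   // request, so a crafted login link cannot steer the redirect elsewhere.
   private static final Map<String, String> ROLE_TARGETS = [
      ROLE_ADMIN: '/admin/index',
      ROLE_USER : '/user/index'
   ]

   @Override
   void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) {
      String target = targetFor(authentication)

      // Ajax logins and users without a mapped role keep the plugin's default
      // behaviour (ajaxSuccessUrl, saved request, defaultTargetUrl).
      if (target == null || SpringSecurityUtils.isAjax(request)) {
         super.onAuthenticationSuccess(request, response, authentication)
         return
      }

      // A mapped role takes precedence over any saved request in this sketch.
      getRedirectStrategy().sendRedirect(request, response, target)
   }

   // Returns the target for the first configured role the user holds, or null.
   protected String targetFor(Authentication authentication) {
      Set<String> granted = authentication.authorities*.authority as Set
      ROLE_TARGETS.find { role, url -> role in granted }?.value
   }
}
```

The redirect only decides where the user lands after login; access to each target URL still has to be restricted by the application's own authorization rules.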
