[英]Grails 1.3.5 and Spring Security Core
I have build a grails application, which on login redirects users to different URLs based on User's role (custom roles defined in roles domain). 我已经构建了一个grails应用程序,该应用程序在登录时根据用户角色将用户重定向到不同的URL(角色域中定义的自定义角色)。 Now I am trying to integrate Spring Security Core Grails Plugin to the application, so plan to use the plugin's domain model.
现在我正在尝试将Spring Security Core Grails插件集成到应用程序中,因此计划使用插件的域模型。
I understand the auth action in LoginController does the user login validation and if the user is logged in the redirects to default target URI. 我理解LoginController中的auth操作执行用户登录验证,如果用户登录重定向到默认目标URI。 My question is how can I know if the logging in user is of type ROLE_ADMIN or ROLE_USER or any other ROLE?
我的问题是如何知道登录用户是否为ROLE_ADMIN或ROLE_USER类型或任何其他ROLE? How can I check the authority here and then redirect to different URIs?
如何在此处检查权限,然后重定向到不同的URI?
I would also like to know how the user validation is done ie how & where the username and password are validated against the database in spring security? 我还想知道用户验证是如何完成的,即如何以及在春季安全性中对数据库验证用户名和密码的位置?
Thank You. 谢谢。 Jay Chandran.
杰伊钱德兰。
The redirect happens in org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
but the plugin extends this class in org.codehaus.groovy.grails.plugins.springsecurity.AjaxAwareAuthenticationSuccessHandler
to support Ajax logins. 重定向发生在
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
但插件在org.codehaus.groovy.grails.plugins.springsecurity.AjaxAwareAuthenticationSuccessHandler
扩展此类以支持Ajax登录。
If you want to customize the redirect location based on roles, I'd subclass AjaxAwareAuthenticationSuccessHandler
and override onAuthenticationSuccess()
. 如果要根据角色自定义重定向位置,我将
AjaxAwareAuthenticationSuccessHandler
并覆盖AjaxAwareAuthenticationSuccessHandler
onAuthenticationSuccess()
。 You'll have access to the Authentication, so you can inspect the granted authorities and determine where to go based on those. 您将有权访问身份验证,因此您可以检查授予的权限并根据这些权限确定去哪里。
Then replace the plugin's bean with yours in resources.groovy: 然后在resources.groovy中用你的bean替换插件的bean:
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
beans = {
authenticationSuccessHandler(MyAuthenticationSuccessHandler) {
def conf = SpringSecurityUtils.securityConfig
requestCache = ref('requestCache')
redirectStrategy = ref('redirectStrategy')
defaultTargetUrl = conf.successHandler.defaultTargetUrl
alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
targetUrlParameter = conf.successHandler.targetUrlParameter
ajaxSuccessUrl = conf.successHandler.ajaxSuccessUrl
useReferer = conf.successHandler.useReferer
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.