Grails Spring 安全插件 - 用户名 escaping 问题
[英]Grails Spring Security Plugin - Username escaping problem
问题描述
I'm currently working with Grails and the Spring Security plugin and trying to implement a password expiration workflow.
我目前正在使用 Grails 和 Spring 安全插件并尝试实现密码过期工作流程。 I've configured the plugin as expected:我已经按预期配置了插件:
grails.plugins.springsecurity.failureHandler.exceptionMappings = [
'org.springframework.security.authentication.CredentialsExpiredException': '/login/passwordExpired'
]
and in my passwordExpired action if I call:如果我打电话,在我的 passwordExpired 行动中:
def username = session['SPRING_SECURITY_LAST_USERNAME']
then in the username the HTML special characters are going to be escaped like然后在用户名中 HTML 特殊字符将像
my_user => my_user
my-user => my-user
Is it possible to turn this escaping off?是否可以关闭此 escaping?
Ritesh mentioned here spring_security_last_username that the SPRING_SECURITY_LAST_USERNAME is deprecated, so what else can I use? Ritesh 在这里提到spring_security_last_username已弃用 SPRING_SECURITY_LAST_USERNAME ,那么我还能使用什么?
For any help, thanks in advance!如需任何帮助,请提前致谢!
2 个解决方案
解决方案1
5 已采纳 2011-05-24 15:22:48
The String 'SPRING_SECURITY_LAST_USERNAME' isn't deprecated - the old constant with that value is and has been moved with a new name but the same value.字符串'SPRING_SECURITY_LAST_USERNAME'未被弃用 - 具有该值的旧常量已被移动并使用新名称但值相同。 So your code will continue to be valid.因此,您的代码将继续有效。
Rather than changing things to not escape, you can un-escape easily:与其将事情改变为不逃跑,不如轻松地取消逃跑:
import org.apache.commons.lang.StringEscapeUtils
...
String username = StringEscapeUtils.unescapeHtml(session['SPRING_SECURITY_LAST_USERNAME'])
解决方案2
1 2012-07-25 12:59:14
You don't need to use a tool.你不需要使用工具。 Use Grails HTML codec:使用 Grails HTML 编解码器:
username = session['SPRING_SECURITY_LAST_USERNAME']?.decodeHTML()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.