
How to create a login function without using spring security with grails 3 using interceptors

System has two grails apps:

  1. the private backoffice, which uses Spring Security and an Operator domain object holding the operator's username, password, number of failed logins etc.
  2. the public web front end, where users sign up, log in, and use the system. The User domain object holds the user's username, password etc.

Because we are using Spring Security for the backoffice, I assume we can't use it again for the web (the config and db will conflict). Also, the web just needs a very basic auth (all pages require a valid session except register and the login form itself).

Setting up the login form and the interceptor are easy.

The question is, what should the login form actually do in the controller? I can check that the username and password match what's in the DB, then I presumably need to create a session, with session timeouts etc. Where do I look for documentation on how to do this? http://docs.grails.org/3.1.1/ref/Servlet%20API/session.html tells you how to log out, but not how to log in. I presumably need to store sessions in the DB (so that the user can hit any server) etc.

By looking at some of my old java code, I have got some of the way there.

The interceptor looks like this:

class AuthInterceptor {
    public AuthInterceptor() {
        // allow the login form and register form to work.
        matchAll().excludes(controller: 'auth')
    }
    boolean before() {
        if (session.getAttribute("user") == null) {
            // jump to the login form if there is no user attribute.
            redirect controller: 'auth', action: 'login'
            return false
        }
        true
    }
    boolean after() { true }
    void afterView() {
        // no-op
    }
}

The controller looks like this:

class AuthController {
    def index() { }

    def login() {
        def email = params.email
        def password = params.password

        if (email != null) {
            // It would be better to invalidate the old session
            // but if we do, we can't get a new one...
            // session.invalidate()

            User user = User.findByEmail(email)
            if (user != null) {
                // debug output: note this writes both the stored and the submitted password to the log
                log.error("user.pass:" + user.password + " pass:" + password)
                // @TODO handle password encryption
                if (user.password == password) {
                    session.setAttribute("user", user)
                    redirect(controller: "dashboard")
                    // return here, otherwise render() below runs after the redirect has been issued
                    return
                }
            }
            flash.message = "email or password incorrect"
        }
        render(view: "login")
    } // login()
}

However, I have not found where we can set the session timeout yet.
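As an added example (not code from the question), here is what the login action could do in Grails 3: hash comparison, a fresh session on login, and a per-session idle timeout. It assumes the spring-security-crypto jar is on the classpath for `BCryptPasswordEncoder`, that `User` has a `passwordHash` field written at signup, and that the interceptor checks a `userId` attribute rather than `user`.

```groovy
import javax.servlet.http.HttpSession
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

class AuthController {
    // Assumed: spring-security-crypto jar on the classpath. It is only the
    // hashing library, not the Spring Security plugin the backoffice uses.
    static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder()
    // Hash compared against when the email is unknown, so a missing account
    // costs the same time as a wrong password (no user enumeration by timing).
    static final String DUMMY_HASH = ENCODER.encode('not-a-real-password')
    static final int SESSION_TIMEOUT_SECONDS = 30 * 60

    def login() {
        if (request.method != 'POST') {
            render(view: 'login')      // GET just shows the form
            return
        }
        String email = params.email
        String password = params.password ?: ''

        // Assumed: User.passwordHash holds ENCODER.encode(plaintext) set at signup.
        User user = email ? User.findByEmail(email) : null
        String storedHash = user?.passwordHash ?: DUMMY_HASH
        boolean ok = ENCODER.matches(password, storedHash) && user != null

        if (!ok) {
            // Log the attempt for detection, never the password itself.
            log.warn("failed login for ${email} from ${request.remoteAddr}")
            flash.message = 'email or password incorrect'
            render(view: 'login')
            return
        }

        // Session fixation defence: discard the anonymous session and create a
        // fresh one through the servlet request, then bind the user to it.
        request.getSession(false)?.invalidate()
        HttpSession fresh = request.getSession(true)
        fresh.maxInactiveInterval = SESSION_TIMEOUT_SECONDS   // idle timeout, per session
        fresh.setAttribute('userId', user.id)                 // id, not the detached domain object

        redirect(controller: 'dashboard')
    }

    def logout() {
        request.getSession(false)?.invalidate()
        redirect(action: 'login')
    }
}
```

The interceptor then tests `session.getAttribute('userId')` instead of `user`; a site-wide default for the timeout can also be set in application.yml with Spring Boot's `server.session.timeout` (in seconds for the Boot 1.x line that Grails 3 uses).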
