![](/img/trans.png)
[英]Customise Login Page Based on Required Roles with Grails Spring Security
[英]Grails and Spring Security Plugin: Redirecting user upon login based on roles
我希望根据用户的角色成功登录时重定向用户。 我遵循这个例子,但方法永远不会执行(打印不会发生)。
我的资源.groovy:
beans = {
authenticationSuccessHandler(UrlRedirectEventListener)
{
def conf = SpringSecurityUtils.securityConfig
requestCache = ref('requestCache')
defaultTargetUrl = conf.successHandler.defaultTargetUrl
alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
targetUrlParameter = conf.successHandler.targetUrlParameter
useReferer = conf.successHandler.useReferer
redirectStrategy = ref('redirectStrategy')
defaultUrl= "/"
adminUrl = "/admin/"
userUrl = "/user/"
}
}
还有我的UrlRedirectEventListener
class UrlRedirectEventListener
extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request,
HttpServletResponse response) {
boolean hasBoth = SpringSecurityUtils.ifAllGranted("ROLE_USER,ROLE_ADMIN");
boolean hasUser = SpringSecurityUtils.ifAnyGranted("ROLE_USER");
boolean hasAdmin = SpringSecurityUtils.ifAnyGranted("ROLE_ADMIN");
println("hasBoth:"+hasBoth+ " hasUser:"+hasUser+ " hasAdmin:"+hasAdmin)
if( hasBoth ){
return defaultLoginUrl;
}else if ( hasUser ){
return userUrl ;
}else if ( hasAdmin ){
return adminUrl ;
}else{
return super.determineTargetUrl(request, response);
}
}
private String defaultLoginUrl;
private String mmrLoginUrl;
private String pubApiLoginUrl;
...setters for urls
}
我错过了什么? 我使用的是Grails 2.0.4和Spring Security Plugin 2 RC2.0
谢谢!
编辑:
我也有这个控制器来测试我的bean是否被创建,它正确显示。
class TestController {
AuthenticationSuccessHandler authenticationSuccessHandler
def index()
{
render( authenticationSuccessHandler )
}
}
看完源后,我发现了。 问题是, SavedRequestAwareAuthenticationSuccessHandler
的方法onAuthenticationSuccess
不会到达被覆盖的方法determineTargetUrl
与我使用(由插件生成的默认)的简单的登录方式。 我不得不实际覆盖onAuthenticationSuccess
并将我的逻辑放在那里。
有问题的来源:
SavedRequestAwareAuthenticationSuccessHandler扩展SimpleUrlAuthenticationSuccessHandler扩展AbstractAuthenticationTargetUrlRequestHandler
我更新的UrlRedirectEventListener
,其中大多数是从SavedRequestAwareAuthenticationSuccessHandler
复制粘贴的:
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws ServletException, IOException {
SavedRequest savedRequest = requestCache.getRequest(request, response);
if (savedRequest == null) {
super.onAuthenticationSuccess(request, response, authentication);
return;
}
String targetUrlParameter = getTargetUrlParameter();
if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
requestCache.removeRequest(request, response);
super.onAuthenticationSuccess(request, response, authentication);
return;
}
def targetUrl = savedRequest.getRedirectUrl();
if( targetUrl != null && targetUrl != "" && targetUrl.endsWith("/myApp/") ) // I only want to differently handle "/". If a user hits /user/, or any other url, attempt to send him there. Spring Security will deny him access based on his privileges if necessary.
targetUrl = this.determineTargetUrl( request, response ) // This is the method defined above. Only thing changed there is I removed the `super` call
clearAuthenticationAttributes(request);
logger.info("Redirecting to Url: " + targetUrl);
getRedirectStrategy().sendRedirect(request, response, targetUrl);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.