Grails和Spring Security Plugin：根据角色在登录时重定向用户

Question

我希望根据用户的角色成功登录时重定向用户。 我遵循这个例子，但方法永远不会执行（打印不会发生）。

我的资源.groovy：

beans = {
authenticationSuccessHandler(UrlRedirectEventListener)
{
    def conf = SpringSecurityUtils.securityConfig      
    requestCache = ref('requestCache')
    defaultTargetUrl = conf.successHandler.defaultTargetUrl
    alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
    targetUrlParameter = conf.successHandler.targetUrlParameter
    useReferer = conf.successHandler.useReferer
    redirectStrategy = ref('redirectStrategy')
    defaultUrl= "/"
    adminUrl = "/admin/"
    userUrl = "/user/"
}
}

还有我的UrlRedirectEventListener

class UrlRedirectEventListener 
extends SavedRequestAwareAuthenticationSuccessHandler 
{

@Override
protected String determineTargetUrl(HttpServletRequest request,
                                        HttpServletResponse response) {

    boolean hasBoth = SpringSecurityUtils.ifAllGranted("ROLE_USER,ROLE_ADMIN");
    boolean hasUser = SpringSecurityUtils.ifAnyGranted("ROLE_USER");
    boolean hasAdmin = SpringSecurityUtils.ifAnyGranted("ROLE_ADMIN");

    println("hasBoth:"+hasBoth+ " hasUser:"+hasUser+ " hasAdmin:"+hasAdmin)
    if( hasBoth ){
        return defaultLoginUrl;
    }else if ( hasUser ){
        return userUrl ;
    }else if ( hasAdmin ){
        return adminUrl ;
    }else{
        return super.determineTargetUrl(request, response);
    }
}

private String defaultLoginUrl;
private String mmrLoginUrl;
private String pubApiLoginUrl;

...setters for urls
} 

我错过了什么？ 我使用的是Grails 2.0.4和Spring Security Plugin 2 RC2.0

谢谢！

编辑：

我也有这个控制器来测试我的bean是否被创建，它正确显示。

class TestController {

   AuthenticationSuccessHandler authenticationSuccessHandler

   def index()
   {
      render( authenticationSuccessHandler  )
   }
}

Answer 1

看完源后，我发现了。 问题是， SavedRequestAwareAuthenticationSuccessHandler的方法onAuthenticationSuccess不会到达被覆盖的方法determineTargetUrl与我使用（由插件生成的默认）的简单的登录方式。 我不得不实际覆盖onAuthenticationSuccess并将我的逻辑放在那里。

有问题的来源：

SavedRequestAwareAuthenticationSuccessHandler扩展SimpleUrlAuthenticationSuccessHandler扩展AbstractAuthenticationTargetUrlRequestHandler

我更新的UrlRedirectEventListener ，其中大多数是从SavedRequestAwareAuthenticationSuccessHandler复制粘贴的：

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws ServletException, IOException {
    SavedRequest savedRequest = requestCache.getRequest(request, response);
    if (savedRequest == null) {
        super.onAuthenticationSuccess(request, response, authentication);
        return;
    }
    String targetUrlParameter = getTargetUrlParameter();
    if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
        requestCache.removeRequest(request, response);
        super.onAuthenticationSuccess(request, response, authentication);
        return;
    }
    def targetUrl = savedRequest.getRedirectUrl();
    if( targetUrl != null && targetUrl != "" && targetUrl.endsWith("/myApp/") ) // I only want to differently handle "/". If a user hits /user/, or any other url, attempt to send him there. Spring Security will deny him access based on his privileges if necessary.
        targetUrl = this.determineTargetUrl( request, response ) // This is the method defined above. Only thing changed there is I removed the `super` call

    clearAuthenticationAttributes(request);
    logger.info("Redirecting to Url: " + targetUrl);
    getRedirectStrategy().sendRedirect(request, response, targetUrl);
}