Grails 安全插件自定义重定向
Grails security plugin custom redirection
我是 Groovy 和 Grails 的新手。我使用 Spring 安全插件开发了一个应用程序,该插件使用数据库请求的请求映射。我想要根据角色自定义重定向到主页。
如果用户是 ROLE_ADMIN 他将被重定向到他的主页 adminUser/Homepage.gsp
如果用户 ROLE_USER 他将被重定向到他的主页 User/Homepage.gsp
我无法根据用户登录获得任何自定义身份验证重定向。
我就是这样做的。我已经根据您的需要对其进行了修改。如果有帮助,请告诉我。
在 auth() 方法下的 springsecurities LoginController 中做这样的事情(它将获取用户在单击登录之前所在的页面):
def auth() {
session['returnUrl'] = request.getHeader("Referer")
def config = SpringSecurityUtils.securityConfig
if (springSecurityService.isLoggedIn()) {
redirect uri: config.successHandler.defaultTargetUrl
return
}
String view = 'auth'
String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
render view: view, model: [postUrl: postUrl,
rememberMeParameter: config.rememberMe.parameter]
}
现在在 src/groovy 中创建一个身份验证成功处理程序:
package packageName
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
// Get current users role using springSecurityService
// You can inject springSecurityService into this class
//
if (role == 'ROLE_ADMIN')
{
returnUrl = '/adminUser/Homepage.gsp'
}
else if (role == 'ROLE_USER')
{
returnUrl = '/User/Homepage.gsp'
}
else
{
returnUrl = 'redirect somewhere'
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
现在在 conf/spring/resources.groovy 下创建一个像这样的 bean:
import grails.plugin.springsecurity.SpringSecurityUtils
// Place your Spring DSL code here
beans = {
authenticationSuccessHandler(packageName.MyAuthSuccessHandler) {
def conf = SpringSecurityUtils.securityConfig
requestCache = ref('requestCache')
defaultTargetUrl = conf.successHandler.defaultTargetUrl
alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
targetUrlParameter = conf.successHandler.targetUrlParameter
useReferer = conf.successHandler.useReferer
redirectStrategy = ref('redirectStrategy')
}
}
那么你应该可以开始了。让我知道它是否有效。
你必须在你的方法之前注入springSecurityService。此外,getAuthorities() 应该 return 一个列表,这样你就必须遍历它(这是因为人们可以有多个角色)。
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
def springSecurityService
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
def roles = springSecurityService.getPrincipal().getAuthorities()
for (role in roles)
{
if (role == 'ROLE_ADMIN')
{
returnUrl = '/adminUser/Homepage.gsp'
}
else if (role == 'ROLE_USER')
{
returnUrl = '/User/Homepage.gsp'
}
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
假设您的 BuildConfig 中有这样一行:
compile ":spring-security-core:2.0-RC4"
以及您的 BootStrap 中的一些类似代码:
def roleAdmin = new Role(authority:LSSRole.ROLE_ADMIN.toString()).save(failOnError: true)
def roleFirm = new Role(authority:LSSRole.ROLE_FIRM.toString()).save(failOnError: true)
def roleLaw = new Role(authority:LSSRole.ROLE_LAWYER.toString()).save(failOnError: true)
def roleFin = new Role(authority:LSSRole.ROLE_FINANCE.toString()).save(failOnError: true)
使用此代码创建的示例管理员用户:
UserRole.create admin, roleAdmin, true
Config 中有这样的代码:
'/dbconsole/**': [LSSRole.ROLE_ADMIN.toString()],
'/secure/**': [LSSRole.ROLE_ADMIN.toString()],
'/payment/**': [LSSRole.ROLE_FIRM.toString()],
'/filing/**': [LSSRole.ROLE_FIRM.toString()],
'/finance/**': [LSSRole.ROLE_FINANCE.toString()],
'/lawyer/**': [LSSRole.ROLE_LAWYER.toString()],
其中 LSSRole 是一个枚举,一些代码如下:
"/" {
controller = "dispatch"
action = "index"
}
在您的 UrlMappings 中,为了在成功登录后将用户转移到,您可以像这样构建一个调度程序,根据用户的角色将用户调度到不同的登录页面:
class DispatchController {
def index() {
def controller = 'login'
def action = 'auth'
if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_ADMIN.toString())) {
controller = 'secure'
action = 'index'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_FINANCE.toString())) {
controller = 'finance'
action = 'index'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_FIRM.toString())) {
controller = 'filing'
action = 'summary'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_LAWYER.toString())) {
controller = 'lawyer'
action = 'index'
} else {
flash.message = 'Where do you think you\'re going? Nno no no'
SecurityContextHolder.clearContext()
}
redirect controller:controller, action:action
}
希望对您有所帮助。
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import grails.plugin.springsecurity.SpringSecurityUtils
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
def roles = SpringSecurityUtils.getPrincipalAuthorities()
for (String role in roles)
{
if (role.equals("ROLE_ADMIN")) {
returnUrl = '/AdminUser/index.gsp'
}
else if (role.equals("ROLE_USER")) {
returnUrl = '/User/index.gsp'
}
else {
returnUrl = '/'
}
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
这是我的工作代码....
而不是注入依赖项我使用 SpringSecurityUtils 获取当前用户角色并将其重定向到所需的页面......
感谢大家的支持。
@sean3838 感谢您帮助我.....
我是 Groovy 和 Grails 的新手。我使用 Spring 安全插件开发了一个应用程序,该插件使用数据库请求的请求映射。我想要根据角色自定义重定向到主页。
如果用户是 ROLE_ADMIN 他将被重定向到他的主页 adminUser/Homepage.gsp
如果用户 ROLE_USER 他将被重定向到他的主页 User/Homepage.gsp
我无法根据用户登录获得任何自定义身份验证重定向。
我就是这样做的。我已经根据您的需要对其进行了修改。如果有帮助,请告诉我。
在 auth() 方法下的 springsecurities LoginController 中做这样的事情(它将获取用户在单击登录之前所在的页面):
def auth() {
session['returnUrl'] = request.getHeader("Referer")
def config = SpringSecurityUtils.securityConfig
if (springSecurityService.isLoggedIn()) {
redirect uri: config.successHandler.defaultTargetUrl
return
}
String view = 'auth'
String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
render view: view, model: [postUrl: postUrl,
rememberMeParameter: config.rememberMe.parameter]
}
现在在 src/groovy 中创建一个身份验证成功处理程序:
package packageName
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
// Get current users role using springSecurityService
// You can inject springSecurityService into this class
//
if (role == 'ROLE_ADMIN')
{
returnUrl = '/adminUser/Homepage.gsp'
}
else if (role == 'ROLE_USER')
{
returnUrl = '/User/Homepage.gsp'
}
else
{
returnUrl = 'redirect somewhere'
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
现在在 conf/spring/resources.groovy 下创建一个像这样的 bean:
import grails.plugin.springsecurity.SpringSecurityUtils
// Place your Spring DSL code here
beans = {
authenticationSuccessHandler(packageName.MyAuthSuccessHandler) {
def conf = SpringSecurityUtils.securityConfig
requestCache = ref('requestCache')
defaultTargetUrl = conf.successHandler.defaultTargetUrl
alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
targetUrlParameter = conf.successHandler.targetUrlParameter
useReferer = conf.successHandler.useReferer
redirectStrategy = ref('redirectStrategy')
}
}
那么你应该可以开始了。让我知道它是否有效。
你必须在你的方法之前注入springSecurityService。此外,getAuthorities() 应该 return 一个列表,这样你就必须遍历它(这是因为人们可以有多个角色)。
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
def springSecurityService
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
def roles = springSecurityService.getPrincipal().getAuthorities()
for (role in roles)
{
if (role == 'ROLE_ADMIN')
{
returnUrl = '/adminUser/Homepage.gsp'
}
else if (role == 'ROLE_USER')
{
returnUrl = '/User/Homepage.gsp'
}
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
假设您的 BuildConfig 中有这样一行:
compile ":spring-security-core:2.0-RC4"
以及您的 BootStrap 中的一些类似代码:
def roleAdmin = new Role(authority:LSSRole.ROLE_ADMIN.toString()).save(failOnError: true)
def roleFirm = new Role(authority:LSSRole.ROLE_FIRM.toString()).save(failOnError: true)
def roleLaw = new Role(authority:LSSRole.ROLE_LAWYER.toString()).save(failOnError: true)
def roleFin = new Role(authority:LSSRole.ROLE_FINANCE.toString()).save(failOnError: true)
使用此代码创建的示例管理员用户:
UserRole.create admin, roleAdmin, true
Config 中有这样的代码:
'/dbconsole/**': [LSSRole.ROLE_ADMIN.toString()],
'/secure/**': [LSSRole.ROLE_ADMIN.toString()],
'/payment/**': [LSSRole.ROLE_FIRM.toString()],
'/filing/**': [LSSRole.ROLE_FIRM.toString()],
'/finance/**': [LSSRole.ROLE_FINANCE.toString()],
'/lawyer/**': [LSSRole.ROLE_LAWYER.toString()],
其中 LSSRole 是一个枚举,一些代码如下:
"/" {
controller = "dispatch"
action = "index"
}
在您的 UrlMappings 中,为了在成功登录后将用户转移到,您可以像这样构建一个调度程序,根据用户的角色将用户调度到不同的登录页面:
class DispatchController {
def index() {
def controller = 'login'
def action = 'auth'
if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_ADMIN.toString())) {
controller = 'secure'
action = 'index'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_FINANCE.toString())) {
controller = 'finance'
action = 'index'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_FIRM.toString())) {
controller = 'filing'
action = 'summary'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_LAWYER.toString())) {
controller = 'lawyer'
action = 'index'
} else {
flash.message = 'Where do you think you\'re going? Nno no no'
SecurityContextHolder.clearContext()
}
redirect controller:controller, action:action
}
希望对您有所帮助。
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import grails.plugin.springsecurity.SpringSecurityUtils
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
def roles = SpringSecurityUtils.getPrincipalAuthorities()
for (String role in roles)
{
if (role.equals("ROLE_ADMIN")) {
returnUrl = '/AdminUser/index.gsp'
}
else if (role.equals("ROLE_USER")) {
returnUrl = '/User/index.gsp'
}
else {
returnUrl = '/'
}
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
这是我的工作代码.... 而不是注入依赖项我使用 SpringSecurityUtils 获取当前用户角色并将其重定向到所需的页面...... 感谢大家的支持。
@sean3838 感谢您帮助我.....