如何在Grails中编写accessDeniedHandler [英] How to write accessDeniedHandler in grails

问题描述

我是groovy的新手，我已经按照以下方式在grails中实现了CSRF Token。
CSRF过滤器已添加到resource.groovy

I am new to groovy, I have implemented CSRF Token in grails in following manner. CSRF filter is added in resource.groovy

csrfFilter(CsrfFilter, new HttpSessionCsrfTokenRepository()) {
        accessDeniedHandler = ref('fnAccessDeniedHandler')
        requireCsrfProtectionMatcher = ref('fnRequireCsrfProtectionMatcher')
    }

但是我不知道如何初始化fnAccessDeniedHandler和fnRequireCsrfProtectionMatcher。
预先感谢。

But i don't know how to initialize fnAccessDeniedHandler and fnRequireCsrfProtectionMatcher . Thanks in advance.

推荐答案

ref中的值必须是bean（ https://docs.grails.org/latest/guide/spring.html ）。如果要覆盖accessDeniedHandler和requireCsrfProtectionMatcher，则需要创建自定义类，并在resources.groovy中创建bean。例如，要创建bean fnAccessDeniedHandler，您将执行以下操作。

The value in ref has to be a bean(https://docs.grails.org/latest/guide/spring.html). If you want to override accessDeniedHandler and requireCsrfProtectionMatcher, You would need to create custom classes, and create beans in resources.groovy. As an example, to create bean fnAccessDeniedHandler, you would do something like this.

在resources.groovy中添加以下内容

Add the following in resources.groovy

fnAccessDeniedHandler(CustomAccessDeniedHandler)

并创建一个类CustomAccessDeniedHandler

And create a class CustomAccessDeniedHandler which implements AccessDeniedHandler.

public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    public static final Logger LOG
      = Logger.getLogger(CustomAccessDeniedHandler.class);

    @Override
    public void handle(
      HttpServletRequest request,
      HttpServletResponse response, 
      AccessDeniedException exc) throws IOException, ServletException {

        Authentication auth 
          = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) {
            LOG.warn("User: " + auth.getName() 
              + " attempted to access the protected URL: "
              + request.getRequestURI());
        }

        response.sendRedirect(request.getContextPath() + "/accessDenied");
    }
}

这篇关于如何在Grails中编写accessDeniedHandler的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！