Grails安全插件自定义重定向 [英] Grails security plugin custom redirection

问题描述

我是Groovy和Grails的新手。我已经使用数据库请求映射开发了一个使用Spring Security插件的应用程序。我想根据角色自定义重定向到主页。

如果用户是ROLE_ADMIN，他将在视图中重定向到他的主页adminUser / Homepage.gsp

如果用户是ROLE_USER，他将在视图中重定向到他的主页User / Homepage.gsp

I我无法根据用户登录获取任何自定义身份验证重定向。

解决方案

这就是我的做法。我已经根据您的需求进行了修改。

在auth（）方法下的springsecurities LoginController内部执行如下操作（它会在用户点击登录前获取用户所在的页面）：

  def auth（）{
 
 session ['returnUrl'] = request.getHeader（Referer ）
 
 def config = SpringSecurityUtils.securityConfig 
 
 if（springSecurityService.isLoggedIn（））{
 redirect uri：config.successHandler.defaultTargetUrl 
 return 
} 
 
 String view ='auth'
 String postUrl =$ {request.contextPath} $ {config.apf.filterProcessesUrl}
 render view：view ，model：[postUrl：postUrl，
 rememberMeParameter：config.rememberMe.parameter] 
} 
  

现在在src / groovy中创建一个auth成功处理程序：

  package packageName 
 
 import org.springframework.security.web.authentication.SavedRequ estAwareAuthenticationSuccessHandler 
 
 import javax.servlet.http.HttpServletRequest 
 import javax.servlet.http.HttpServletResponse 
 $ b public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler 
 {
 @Override 
 protected String determineTargetUrl（HttpServletRequest请求，HttpServletResponse响应）
 {
 def returnUrl = request.getSession（）。getAttribute（'returnUrl'）
 
 / /使用springSecurityService获取当前用户角色
 //你可以在这个类中注入springSecurityService 
 // http://stackoverflow.com/questions/6467167/how-to-get-current-user-role- with-spring-security-plugin 
 
 if（role =='ROLE_ADMIN'）
 {
 returnUrl ='/adminUser/Homepage.gsp'
} 
 else if（role =='ROLE_USER'）
 {
 returnUrl ='/User/Homepage.gsp'
} 
 else 
 {
 returnUrl ='重定向到某处'
} 
 
 request.getSession（）。removeAttribute（'returnUrl'）
 
 return returnUrl 
} 
} 
  

现在在conf / spring / resources.groovy create这样的bean：

  import grails.plugin.springsecurity.SpringSecurityUtils 
 
 //将你的Spring DSL code here 
 beans = {
 authenticationSuccessHandler（packageName.MyAuthSuccessHandler）{
 def conf = SpringSecurityUtils.securityConfig 
 requestCache = ref（'requestCache'）
 defaultTargetUrl = conf .successHandler.defaultTargetUrl 
 alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault 
 targetUrlParameter = conf.successHandler.targetUrlParameter 
 useReferer = conf.successHandler.useReferer 
 redirectStrategy = ref（'redirectStrategy'）
} 
} 
  

然后你应该很好走。让我知道它是否有效。

I am new to Groovy and Grails. I have developed an application using the Spring Security plugin using a database requested request map. I want a custom redirection to the home pages according to the roles.

If the user is ROLE_ADMIN he would be redirected to his home page in views adminUser/Homepage.gsp

If the user is ROLE_USER he would be redirected to his home page in views User/Homepage.gsp

I am not able to get any custom authentication redirection according to the user login.

解决方案

This is how I do it. I've modified it for your needs. Let me know if it helps.

Inside springsecurities LoginController under the auth() method do something like this (it will get the page the user was on before clicking login):

def auth() {

    session['returnUrl'] = request.getHeader("Referer")

    def config = SpringSecurityUtils.securityConfig

    if (springSecurityService.isLoggedIn()) {
        redirect uri: config.successHandler.defaultTargetUrl
        return
    }

    String view = 'auth'
    String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
    render view: view, model: [postUrl: postUrl,
                               rememberMeParameter: config.rememberMe.parameter]
}

Now inside src/groovy create an auth success handler:

package packageName

import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler 
{
    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) 
    {
        def returnUrl = request.getSession().getAttribute('returnUrl')

        // Get current users role using springSecurityService
        // You can inject springSecurityService into this class
        // http://stackoverflow.com/questions/6467167/how-to-get-current-user-role-with-spring-security-plugin

        if (role == 'ROLE_ADMIN')
        {
            returnUrl = '/adminUser/Homepage.gsp'
        }
        else if (role == 'ROLE_USER')
        {
            returnUrl = '/User/Homepage.gsp'
        }
        else
        {
            returnUrl = 'redirect somewhere'
        }

        request.getSession().removeAttribute('returnUrl')

        return returnUrl
    }
}

Now under conf/spring/resources.groovy create a bean like so:

import grails.plugin.springsecurity.SpringSecurityUtils

// Place your Spring DSL code here
beans = {
    authenticationSuccessHandler(packageName.MyAuthSuccessHandler) {
        def conf = SpringSecurityUtils.securityConfig      
        requestCache = ref('requestCache')
        defaultTargetUrl = conf.successHandler.defaultTargetUrl
        alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
        targetUrlParameter = conf.successHandler.targetUrlParameter
        useReferer = conf.successHandler.useReferer
        redirectStrategy = ref('redirectStrategy')
    }
}

Then you should be good to go. Let me know if it works.

这篇关于Grails安全插件自定义重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！