Grails安全插件自定义重定向 [英] Grails security plugin custom redirection
问题描述
如果用户是ROLE_ADMIN,他将在视图中重定向到他的主页adminUser / Homepage.gsp
如果用户是ROLE_USER,他将在视图中重定向到他的主页User / Homepage.gsp
I我无法根据用户登录获取任何自定义身份验证重定向。
这就是我的做法。我已经根据您的需求进行了修改。
在auth()方法下的springsecurities LoginController内部执行如下操作(它会在用户点击登录前获取用户所在的页面): def auth(){
session ['returnUrl'] = request.getHeader(Referer )
def config = SpringSecurityUtils.securityConfig
if(springSecurityService.isLoggedIn()){
redirect uri:config.successHandler.defaultTargetUrl
return
}
String view ='auth'
String postUrl =$ {request.contextPath} $ {config.apf.filterProcessesUrl}
render view:view ,model:[postUrl:postUrl,
rememberMeParameter:config.rememberMe.parameter]
}
现在在src / groovy中创建一个auth成功处理程序:
package packageName
import org.springframework.security.web.authentication.SavedRequ estAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
$ b public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest请求,HttpServletResponse响应)
{
def returnUrl = request.getSession()。getAttribute('returnUrl')
/ /使用springSecurityService获取当前用户角色
//你可以在这个类中注入springSecurityService
// http://stackoverflow.com/questions/6467167/how-to-get-current-user-role- with-spring-security-plugin
if(role =='ROLE_ADMIN')
{
returnUrl ='/adminUser/Homepage.gsp'
}
else if(role =='ROLE_USER')
{
returnUrl ='/User/Homepage.gsp'
}
else
{
returnUrl ='重定向到某处'
}
request.getSession()。removeAttribute('returnUrl')
return returnUrl
}
}
现在在conf / spring / resources.groovy create这样的bean:
import grails.plugin.springsecurity.SpringSecurityUtils
//将你的Spring DSL code here
beans = {
authenticationSuccessHandler(packageName.MyAuthSuccessHandler){
def conf = SpringSecurityUtils.securityConfig
requestCache = ref('requestCache')
defaultTargetUrl = conf .successHandler.defaultTargetUrl
alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
targetUrlParameter = conf.successHandler.targetUrlParameter
useReferer = conf.successHandler.useReferer
redirectStrategy = ref('redirectStrategy')
}
}
然后你应该很好走。让我知道它是否有效。
I am new to Groovy and Grails. I have developed an application using the Spring Security plugin using a database requested request map. I want a custom redirection to the home pages according to the roles.
If the user is ROLE_ADMIN he would be redirected to his home page in views adminUser/Homepage.gsp
If the user is ROLE_USER he would be redirected to his home page in views User/Homepage.gsp
I am not able to get any custom authentication redirection according to the user login.
This is how I do it. I've modified it for your needs. Let me know if it helps.
Inside springsecurities LoginController under the auth() method do something like this (it will get the page the user was on before clicking login):
def auth() {
session['returnUrl'] = request.getHeader("Referer")
def config = SpringSecurityUtils.securityConfig
if (springSecurityService.isLoggedIn()) {
redirect uri: config.successHandler.defaultTargetUrl
return
}
String view = 'auth'
String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
render view: view, model: [postUrl: postUrl,
rememberMeParameter: config.rememberMe.parameter]
}
Now inside src/groovy create an auth success handler:
package packageName
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
// Get current users role using springSecurityService
// You can inject springSecurityService into this class
// http://stackoverflow.com/questions/6467167/how-to-get-current-user-role-with-spring-security-plugin
if (role == 'ROLE_ADMIN')
{
returnUrl = '/adminUser/Homepage.gsp'
}
else if (role == 'ROLE_USER')
{
returnUrl = '/User/Homepage.gsp'
}
else
{
returnUrl = 'redirect somewhere'
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
Now under conf/spring/resources.groovy create a bean like so:
import grails.plugin.springsecurity.SpringSecurityUtils
// Place your Spring DSL code here
beans = {
authenticationSuccessHandler(packageName.MyAuthSuccessHandler) {
def conf = SpringSecurityUtils.securityConfig
requestCache = ref('requestCache')
defaultTargetUrl = conf.successHandler.defaultTargetUrl
alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
targetUrlParameter = conf.successHandler.targetUrlParameter
useReferer = conf.successHandler.useReferer
redirectStrategy = ref('redirectStrategy')
}
}
Then you should be good to go. Let me know if it works.
这篇关于Grails安全插件自定义重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!