使用Grails& Acegi的 [英] login automatically with Grails & Acegi
问题描述
我在我的Grails应用程序中使用Acegi插件。用户注册后,他被重定向到受保护的操作。因此,他显示了登录表单。
但是,我希望用户在完成注册后自动登录。似乎我可以通过重定向到登录表单使用的操作来实现此目的。
$ b $ pre $ redirect(uri:/ j_acegi_security_check?j_username = $ {username}& j_password = $ {passed})
但是这会发送一个HTTP请求到显示用户密码的客户端(并回到服务器)。有没有一种方法可以以安全的方式自动登录?
谢谢,
Don
如果您为spring安全插件(grails generate-registration)生成控制器类,您将在RegisterController中看到以下行,它只是您想要的:
class RegisterController {
def daoAuthenticationProvider
...
def节省= {
...
高清AUTH =新的authToken(person.username,params.passwd)
高清的authToken = daoAuthenticationProvider.authenticate(AUTH)
SecurityContextHolder.context.authentication = authtoken
redirect uri:'/'
}
请确保 params.passwd
是纯文本密码(即不散列),它的作用就像一个魅力。
I'm using the Acegi plugin in my Grails app. After a user registers, he is redirected to an action that is protected. Therefore, he is shown the login form.
However, I would prefer if the user was automatically logged in as soon as he completes registration. It seems like I could achieve this by redirecting to the action that the login form uses
redirect(uri:"/j_acegi_security_check?j_username=${username}&j_password=${passed}")
But this would send a HTTP request to the client (and back to the server) which shows the user's password. Is there a way I can login automatically in a secure fashion?
Thanks, Don
If you generate the controller classes for the spring security plugin (grails generate-registration) you'll see the following lines in RegisterController which does just what you want:
class RegisterController {
def daoAuthenticationProvider
...
def save = {
...
def auth = new AuthToken(person.username, params.passwd)
def authtoken = daoAuthenticationProvider.authenticate(auth)
SecurityContextHolder.context.authentication = authtoken
redirect uri: '/'
}
Be sure that params.passwd
is the plain-text password (i.e. not hashed) and it works like a charm.
这篇关于使用Grails& Acegi的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!