Grails Acegi插件注释 [英] Grails Acegi plugin annotations
问题描述
我使用Spring Security(AKA Acegi)插件提供的注释。我有控制器操作注释了
I'm using the annotations provided by the Spring Security (AKA Acegi) plugin. I have controller actions annotated with
@Secured(['ROLE_ADMIN', 'ROLE_USER'])
表示它们应该可供管理员和普通用户使用。但是现在我需要指出管理员和未注册用户可以使用某项操作。是否有可能使用注释来指示没有任何角色的用户,即未注册?
To indicate that they should be available to administrators and regular users. But now I need to indicate that an action is available to administrators and unregistered users. Is it possible to use annotations to indicate a user without any role, i.e. unregistered?
谢谢,
Don
Thanks, Don
推荐答案
这是一个解决方案,要求您不要登录,或者您有ROLE_ADMIN。您需要一个处理新的'IS_NOT_AUTHENTICATED'令牌的自定义投票者:
Here's a solution that requires that you not be logged in, or that you have ROLE_ADMIN. You need a custom voter that processes a new 'IS_NOT_AUTHENTICATED' token:
package com.burtbeckwith.grails.springsecurity
import org.springframework.security.Authentication
import org.springframework.security.AuthenticationTrustResolverImpl
import org.springframework.security.ConfigAttribute
import org.springframework.security.ConfigAttributeDefinition
import org.springframework.security.vote.AccessDecisionVoter
class NotLoggedInVoter implements AccessDecisionVoter {
private authenticationTrustResolver = new AuthenticationTrustResolverImpl()
int vote(Authentication authentication, object, ConfigAttributeDefinition config) {
for (configAttribute in config.configAttributes) {
if (supports(configAttribute)) {
if (authenticationTrustResolver.isAnonymous(authentication)) {
// allowed if not logged in
return ACCESS_GRANTED
}
for (authority in authentication.authorities) {
if ('ROLE_ADMIN' == authority.authority) {
// allowed if logged in as an admin
return ACCESS_GRANTED
}
}
}
}
return ACCESS_DENIED
}
boolean supports(ConfigAttribute attribute) {
'IS_NOT_AUTHENTICATED' == attribute?.attribute
}
boolean supports(Class clazz) {
true
}
}
在resources.groovy中注册为一个bean:
Register this as a bean in resources.groovy:
beans = {
notLoggedInVoter(com.burtbeckwith.grails.springsecurity.NotLoggedInVoter)
}
并通过设置'decisionVoterNames'属性将其添加到SecurityConfig.groovy的选民列表中:
and add it to the voters list in SecurityConfig.groovy by setting the 'decisionVoterNames' property:
decisionVoterNames = ['notLoggedInVoter', 'authenticatedVoter', 'roleVoter']
并用这个标注控制器动作: p>
and annotate your controller action with this:
@Secured(['IS_NOT_AUTHENTICATED'])
,它只允许非认证用户和ROLE_ADMIN认证用户。
and it'll only allow non-authenticated users and authenticated users with ROLE_ADMIN.
这篇关于Grails Acegi插件注释的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!