Grails Spring Security / Acegi。自定义用户+密码过期管理 [英] Grails spring security / Acegi. Custom User + Password expired management
问题描述
我正在从事Grails旧版项目。存在一个名为User的域类。它包含密码,用户名,角色等。
I'm working on a grails legacy project. A domain class called User exists. It contains password, username, roles, etc.
该项目使用Spring Security进行角色管理。我想添加凭据的有效期(强制用户更新密码)。
This project uses Spring Security for role management. I would like to add expiration of credentials ( force the User to renew its password).
我修改了User类。它不是实现 UserDetails界面。
I've modified the User class. Not it implements the UserDetails interface.
但是,当我启动服务器时,出现此错误>
However, when I start the server, I get this error>
org.springframework.beans.factory.BeanCreationException:
创建名称为
的bean时出错'messageSource':
bean的初始化失败嵌套的异常是
org.springframework.beans.factory.BeanCreationException:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'messageSource': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException:
创建名称为
的bean时出错'transactionManager':无法解析
在设置bean属性
'sessionFactory'时引用bean'sessionFactory'
;嵌套的异常是
org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'transactionManager': Cannot resolve reference to bean 'sessionFactory' while setting bean property 'sessionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException:
创建名称为
的bean时出错'sessionFactory':初始化$ b的调用$ b方法失败;嵌套的异常是
org.hibernate.PropertyNotFoundException:
Error creating bean with name 'sessionFactory': Invocation of init method failed; nested exception is org.hibernate.PropertyNotFoundException:
找不到属性
的设置器accountNon在类
com.company中过期。 app.user.User
Could not find a setter for property accountNonExpired in class com.company.app.user.User
我必须注册一些bean吗?我发现该错误非常令人困惑,因为该接口不要求使用setter方法。
Do I have to register some bean? I find the error quite confusing, since the interface doesn't asks for a setter method.
在调查了更多内容之后,我遇到了我的SecurityConfig.groovy,它看起来像很多( AcegiSecurity插件):
After investigating some more, I ran into my SecurityConfig.groovy, that looks A LOT like this (AcegiSecurity Plugin):
security {
// see DefaultSecurityConfig.groovy for all settable/overridable properties
active = true
loginUserDomainClass = "User"
authorityDomainClass = "Role"
....
}
我的用户类也显示为很多,例如:
My User class also looks A LOT like this:
/**
* User domain class.
*/
class User {
static transients = ['pass','passwordExpired','credentialsNonExpired']
static hasMany = [authorities: Role]
static belongsTo = Role
/** Username */
String username
/** User Real Name*/
String userRealName
/** MD5 Password */
String passwd
/** enabled */
boolean enabled
String email
boolean emailShow
/** description */
String description = ''
/** plain password to create a MD5 password */
String pass = '[secret]'
static constraints = {
username(blank: false, unique: true)
userRealName(blank: false)
passwd(blank: false)
enabled()
}
public boolean isCredentialsNonExpired() {
return true;
}
}
我添加了一种方法来检查密码是否应该过期否,对于此类(isCredentialsNonExpired)。我需要此方法在登录时执行。现在,它不是。
I added a method to check if the password should expire or not for this class (isCredentialsNonExpired). I need this method to execute at login. Right now, its not.
所以,看来这是我应该采用的Acegi方法。有什么想法吗?我的理解是Acegi使用Spring Security,对吗?
So it looks like it's the Acegi approach I should take. Any thoughts? Its my understanding that Acegi uses Spring Security, right?
推荐答案
您是在使用Acegi插件还是直接配置它?如果您使用 Spring Security Core 插件,则它将容易得多,因为它不受支持
Are you using the Acegi plugin, or configuring it directly? If you use the Spring Security Core plugin this will be a lot easier since it's supported out of the box.
您可能不希望您的User类成为UserDetailsService类,因为它通常具有其他负担,例如映射的集合等。它当然可以工作,但是创建一个简单的数据类是一种更好的方法。根据Spring Security的版本,方便地将org.springframework.security.userdetails.User或org.springframework.security.core.userdetails.User子类化。
You probably don't want your User class to be your UserDetailsService class since it often has other baggage like mapped collections, etc. It can certainly work, but creating a simple data class is a better approach. It's convenient to subclass org.springframework.security.userdetails.User or org.springframework.security.core.userdetails.User depending on the version of Spring Security.
就像您刚刚为accountNonExpired添加了一个getter一样,但是如果要保留它,那么它也需要一个setter。如果要导出值,并且不希望该字段出现在数据库中,则可以将其添加到瞬态列表中:
It looks like you just added a getter for accountNonExpired but if it's going to be persisted then it needs a setter too. If you're deriving the value and don't want that field to be in the database then you can add it to the transients list:
static transients = ['accountNonExpired']
这篇关于Grails Spring Security / Acegi。自定义用户+密码过期管理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
