Grails Spring Security插件 - 修改登录用户的权限 [英] Grails Spring Security plugin - modify logged in user's authorities
问题描述
我有一个安装了Spring Security Core插件的简单Grails应用程序,并且工作正常。但是,我还没有找到任何解决方案来更新安全上下文中登录的用户权限。我不是在说更新当前用户的详细信息(即springSecurityService.reauthenticate)。
我的问题是:我有一个简单的用户管理应用程序,使用了ROLE_ADMIN和ROLE_USER权限。现在,我有两个管理员从不同的计算机同时登录(使用ROLE_ADMIN权限),一个管理员决定将其他管理员的权限从ROLE_ADMIN更改为ROLE_USER。
如何更新用户和角色,以便修改的用户(具有新的ROLE_USER角色)不能执行任何ROLE_ADMIN级别的操作,并立即重定向到ROLE_USER级别的页面?有没有办法更新安全上下文,所以我不必在所有控制器操作中进行额外检查,无论登录用户的权限是否已更改?我能以某种方式使用cahceUsers属性吗?我没有修改cacheUser,并且我的理解是默认为false。如果我错了,请纠正我。
编辑:
导致问题的顺序是
管理员A修改管理员B并为管理员B设置新角色(ROLE_USER)。
代码调用 PersonRole.removeAll(personInstanceB)和
并且一切正常更新
PersonRole.create(personInstanceB,roleAdmin)
同时管理员B在其权限被修改时已经登录。管理员B可以继续在ROLE_ADMIN受限制页面上工作,直到他/她注销并执行新的登录。只有这样当局才会更新,管理员B具有新的角色(ROLE_USER)
我希望管理员B在重定向到ROLE_USER页面时用户使用新角色进行更新,而不仅仅是在注销/登录之后 调用 springSecurityService.reauthenticate personInstanceB.username)
导致管理员A以管理员B的身份登录,因此无法使用。
任何想法都会受到欢迎。我可能错过了一些简单的东西,但我不知道解决方案是什么。
干杯,
mizzzto
在你的控制器/服务类中,$ / $> $ / $>
...
User user = User.get(springSecurityService.principal.id)//获取用户
角色adminRole = //获取或创建管理角色
UserRole.remove用户,角色//删除管理员角色
角色userRole = //获取或创建用户角色
UserRole.create user,role //添加用户角色
...
if(!user.hasErrors()&&& user.save(flush: true)){
springSecurityService.reauthenticate user.username //刷新用户安全性deatils
}
....
编辑
现在更清晰了。
我要做的就是使用开关用户功能。请参阅切换用户首先将 在您的管理页面某处, - I have a simple Grails app with Spring Security Core plugin installed and working fine. However, I haven't found any solution to the problem with updating a logged in user's authorities in the security context. I am not talking about updating the current user's details (i.e. springSecurityService.reauthenticate). My problem is: I have a simple user management app with ROLE_ADMIN and ROLE_USER authorities used. Now, I have 2 administrators logged in at the same time (with ROLE_ADMIN authority) from different computers, and one admin decides to change the other admin's authority from ROLE_ADMIN to ROLE_USER. How can I update the user and role so that the modified user (with new ROLE_USER role) cannot perform any ROLE_ADMIN level actions and is immediately redirected to ROLE_USER level pages? Is there a way to update the security context so I don't have to do additional checking in all the controller actions whether the logged in user's authorities have been changed? Can I use the cahceUsers property for that somehow? I haven't modified the cacheUsers and in my understanding, it's false by default. Please, correct me if I'm wrong. EDIT:
The sequence that's causing the problem is Administrator "A" modifies administrator "B" and sets a new role (ROLE_USER) for administrator "B" the code calls at the same time Administrator "B" is already logged in when their authorities are modified. Administrator "B" can continue working on ROLE_ADMIN restricted pages until he/she logs out and does a new login. Only then the authorities are updated and Administrator "B" has the new role (ROLE_USER) I want Administrator "B" to be redirected to the ROLE_USER pages when the user is updated with the new role and not only after logout/login calling Any ideas would be very welcome. I may have missed something simple here but I have no idea what the solution would be. Cheers,
mizzzto This is untested but give it a try In your controller/service class,
That is a lot clearer now. What I would do off the top of my head is use the switch user function. see Switch User in your admin page somewhere, --
You can use the code form the first answer to create a method in your controller or service that take a userInstance and changes thier role from admin to user.
这篇关于Grails Spring Security插件 - 修改登录用户的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! useSwitchUserFilter
属性设置为 true
ROLE_SWITCH_USER
)。 li>
< sec:ifAllGranted roles =' ROLE_SWITCH_USER'>
< form action ='/ j_spring_security_switch_user'method ='POST'>
切换到用户:< input type ='text'name ='j_username'/> <峰; br />
< input type ='submit'value ='Switch'/>
< / form>
< / sec:ifAllGranted>
adminToUser()
方法来更改其角色设置(例如)
您可以使用代码形式首先回答在您的控制器或服务中创建一个方法,该方法需要一个userInstance并将其角色从admin更改为user。
def adminToUser (user,adminRole,userRole){
UserRole.remove user,adminRole
UserRole.create user,userRole
if(!user.hasErrors()&&& user.save(flush: true)){
springSecurityService.reauthenticate user.username
}
}
PersonRole.removeAll(personInstanceB) and
PersonRole.create(personInstanceB, roleAdmin)
and everything is updated normallyspringSecurityService.reauthenticate personInstanceB.username)
causes Administrator "A" to be "logged in" as Administrator "B" so this does not work....
User user = User.get(springSecurityService.principal.id) //get the user
Role adminRole = //get or create the admin Role
UserRole.remove user, role // remove admin Role
Role userRole = // get or create the user Role
UserRole.create user, role //add the user Role
...
if (!user.hasErrors() && user.save(flush: true)) {
springSecurityService.reauthenticate user.username // refresh the users security deatils
}
....
EDIT
useSwitchUserFilter
attribute to true
ROLE_SWITCH_USER
) for this priviledge.<sec:ifAllGranted roles='ROLE_SWITCH_USER'>
<form action='/j_spring_security_switch_user' method='POST'>
Switch to user: <input type='text' name='j_username'/> <br/>
<input type='submit' value='Switch'/>
</form>
</sec:ifAllGranted>
adminToUser()
method below(for example)def adminToUser(user, adminRole, userRole){
UserRole.remove user, adminRole
UserRole.create user, userRole
if (!user.hasErrors() && user.save(flush: true)) {
springSecurityService.reauthenticate user.username
}
}