Grails Spring Security获取当前页面的角色 [英] Grails Spring Security Get Roles for the Current Page

问题描述

我想知道是否有人知道在Spring安全插件中获取当前页面的所有角色的方法。

我使用的是spring security，它被配置为使用RequestMap域对象。

我的应用程序的权限是非常复杂，所以我想在每个页面的底部制作一个标签，显示需要使用该页面的角色。

我正在为请求地图进行查询，但我想确保匹配url的方式与插件的方式相同。

理想情况下，我不需要运行任何查询。

Grails 2.2.1版Spring Security插件版本1.2.7.3

预先致谢 这可以通过将以下两个类添加到我的src / java中来工作。

第1类

  import org.springframework.security.access.ConfigAttribute; 
 import org.springframework.security.web.FilterInvocation; 
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; 
 
 import javax.servlet.http.HttpServletRequest; 
 import java.util.Collection; 
 
 public class MyFilterInvocationSecurityMetadataSource实现FilterInvocationSecurityMetadataSource {
 
 FilterInvocationSecurityMetadataSource oldBean; 
 
 @Override 
 public Collection< ConfigAttribute> getAttributes（Object o）抛出IllegalArgumentException {
 FilterInvocation filterInvocation =（FilterInvocation）o; 
 HttpServletRequest request = filterInvocation.getHttpRequest（）; 
 request.setAttribute（PAGEROLES，oldBean.getAttributes（filterInvocation））; 
 
返回oldBean.getAttributes（o）; 
} 
 
 @Override 
 public Collection< ConfigAttribute> getAllConfigAttributes（）{
返回oldBean.getAllConfigAttributes（）; 
} 
 
 @Override 
 public boolean supports（Class<？> aClass）{
 return FilterInvocation.class.isAssignableFrom（aClass）; 
} 
 
 public Object getOldBean（）{return oldBean; } 
 public void setOldBean（FilterInvocationSecurityMetadataSource oldBean）{this.oldBean = oldBean; } 
 
  

2级

  import org.springframework.beans.BeansException; 
 import org.springframework.beans.factory.BeanFactory; 
 import org.springframework.beans.factory.BeanFactoryAware; 
 import org.springframework.beans.factory.config.BeanPostProcessor; 
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; 
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; 
 
公共类FilterSecurityMDSExtractor实现BeanPostProcessor，BeanFactoryAware {
 private ConfigurableListableBeanFactory bf; 
 private FilterInvocationSecurityMetadataSource metadataSource = new MyFilterInvocationSecurityMetadataSource（）; 
 $ b $ public Object Object postProcessBeforeInitialization（Object bean，String beanName）抛出BeansException {
 if（bean instanceof FilterInvocationSecurityMetadataSource）{
（（MyFilterInvocationSecurityMetadataSource）metadataSource）.setOldBean（（FilterInvocationSecurityMetadataSource）bean） ; 
返回metadataSource; 
} 
返回bean; 
} 
 
 public Object postProcessAfterInitialization（Object bean，String beanName）throws BeansException {
 return bean; 
} 
 
 public void setBeanFactory（BeanFactory beanFactory）throws BeansException {
 this.bf =（ConfigurableListableBeanFactory）beanFactory; 
} 
} 
  

然后我将以下内容添加到resources.groovy p>

  beans = {
 filterSecurityMDSExtractor（FilterSecurityMDSExtractor）
} 
  

基本上，我将用户角色填充到请求中

  request.setAttribute（PAGEROLES，oldBean.getAttributes（filterInvocation））; 
  

然后我所要做的就是调用以下内容：

  request.getAttribute（PAGEROLES）; 
  

将角色取消。我通过从Stackoverflow上的其他好帖子窃取我的解决方案。其他人可能有更好的解决方案，但到目前为止，这是为我工作。

I was wondering if anyone knows an elegant way to get all the roles in the spring security plugin that have access to the current page.

I am using spring security and it's configured to use RequestMap domain objects.

The permissions in my app are pretty complex so I wanted to make a tag at the bottom of each page displaying the roles need to use the page.

I was doing a query for the request map but I want to make sure the way I match the url is the same as the way the plugin does.

Ideally I wouldn't have to run a query at all.

Grails version 2.2.1 Spring Security Plugin version 1.2.7.3

Thanks in advance

解决方案

I got this to work by adding the following two classes to my src/java.

Class 1

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

public class MyFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

FilterInvocationSecurityMetadataSource oldBean;

@Override
public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
    FilterInvocation filterInvocation = (FilterInvocation) o;
    HttpServletRequest request = filterInvocation.getHttpRequest();
    request.setAttribute("PAGEROLES", oldBean.getAttributes(filterInvocation));

    return oldBean.getAttributes(o);
}

@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
    return oldBean.getAllConfigAttributes();
}

@Override
public boolean supports(Class<?> aClass) {
    return FilterInvocation.class.isAssignableFrom(aClass);
}

public Object getOldBean() { return oldBean; }
public void setOldBean(FilterInvocationSecurityMetadataSource oldBean) { this.oldBean = oldBean; }
}

Class 2

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

public class FilterSecurityMDSExtractor implements BeanPostProcessor, BeanFactoryAware {
    private ConfigurableListableBeanFactory bf;
    private FilterInvocationSecurityMetadataSource metadataSource = new MyFilterInvocationSecurityMetadataSource();

    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        if (bean instanceof FilterInvocationSecurityMetadataSource) {
            ((MyFilterInvocationSecurityMetadataSource) metadataSource).setOldBean((FilterInvocationSecurityMetadataSource) bean);
            return metadataSource;
        }
        return bean;
    }

    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        return bean;
    }

    public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
        this.bf = (ConfigurableListableBeanFactory)beanFactory;
    }
}

I then added the following to resources.groovy

beans = {
      filterSecurityMDSExtractor(FilterSecurityMDSExtractor)
}

Basically I am stuffing the user roles into the request

request.setAttribute("PAGEROLES", oldBean.getAttributes(filterInvocation));

then all I have to do is call the following

request.getAttribute("PAGEROLES");

to get the roles back out. I pieced together my solution by stealing from other great posts on Stackoverflow. Someone else might have a better solution but so far this is working for me.

这篇关于Grails Spring Security获取当前页面的角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！