如何在grails中定制spring security插件登录页面 [英] How to customize spring security plugin Login page in grails

问题描述

我试过没有成功的定制spring security 3.1.1的登录页面。
我在views目录中创建了一个登录目录，并在登录目录中创建了一个auth.gsp，并将自定义窗体放在那里。
下面是代码：

 < g：form name =form-loginmethod =POST action =$ {resource（'file'：'j_spring_security_check'）}> 
< label for =j_username>用户名：< / label> 
 < label for =j_password>密码：< / label> 
< g：passwordField name =j_password/> 
< g：submitButton name =loginvalue =登录/> 
< / g：表格> 
  

它接受用户名和密码，但点击登录按钮后，它仍然显示窗体。任何解决方案。

解决方案

这是一个使用旧的动作地址的旧形式（导致重定向的核心问题）以及用户名/密码的旧名称（潜在的问题会更令人沮丧，因为它总是会以正确的值失败，因为如果它们设置了错误的参数，它们就不可用名字）。

3.x并不像2.x那样简单，可以覆盖插件文件。在2.x插件中，zip文件解压缩到项目根目录的 target 目录中，并且可以使用插件源做有效和/或疯狂的事情。在3.x中，插件是编译好的jar文件，所以希望我们可以减少疯狂的总量，但是我们也会让这种有效的事情变得更难。

但是这是开源软件，确切的.gsp文件或足够接近的文件很容易在源代码库中找到，它是 here 。

auth.gsp 取得来自主分支的最新文件，或者您可以查看历史记录（recentl版本和未来版本将继续被标记），因此可以很容易地获得旧版本，例如从版本3.0.4 。

虽然这并不是最终的答案，但因为插件是非常可配置的，并且您可以覆盖GSP中使用的几个变量配置，所以你应该替换只查看值的代码，因为你的应用不太可能从这种灵活性中受益。配置设置的默认值位于 DefaultSecurityConfig.groovy 中，但我将这些GSP留在了查找代码中，因此您只需要删除它并保留这些值。

以下是内部的表单元素（您需要整个文件，但我不会显示不需要更改的部分） ：

 < form action =$ {postUrl？：'/ login / authenticate'}method =POSTid =loginFormclass =cssformautocomplete =off> 
< p> 
< label for =username>< g：message code ='springSecurity.login.username.label'/>：< / label> 
< input type =textclass =text_name =$ {usernameParameter？：'username'}id =username/> 
< / p> 
 
< p> 
< label for =password>< g：message code ='springSecurity.login.password.label'/>：< / label> 
< input type =passwordclass =text_name =$ {passwordParameter？：'password'}id =password/> 
< / p> 
 
< p id =remember_me_holder> 
< input type =checkboxclass =chkname =$ {rememberMeParameter？：'remember-me'}id =remember_me< g：if test ='$ {hasCookie}' >检查= 检查 < /克：如果> /> 
< label for =remember_me>< g：message code ='springSecurity.login.remember.me.label'/>< / label> 
< / p> 
 
< p> 
< input type =submitid =submitvalue =$ {message（code：'springSecurity.login.button'）}/> 
< / p> 
< / form> 
  

对于第一次传球，您可以将其更改为：

 < form action =/ login / authenticate'method =POSTid =loginFormclass =cssformautocomplete =off> 
< p> 
< label for =username>< g：message code ='springSecurity.login.username.label'/>：< / label> 
< input type =textclass =text_name =usernameid =username/> 
< / p> 
 
< p> 
< label for =password>< g：message code ='springSecurity.login.password.label'/>：< / label> 
< input type =passwordclass =text_name =passwordid =password/> 
< / p> 
 
< p id =remember_me_holder> 
< input type =checkboxclass =chkname =remember-meid =remember_me/> 
< label for =remember_me>< g：message code ='springSecurity。 login.remember.me.label'/>< / label> 
< / p> 
 
< p> 
< input type =submitid =submitvalue =$ {message（code：'springSecurity.login.button'）}/> 
< / p> 
< / form> 
  

你可以使用任何后缀url和用户名/密码参数名称，包括旧的名称，但是你需要设置配置属性，以便处理登录的Spring Security过滤器查看正确的uri并期待您发送的参数名称。如果你确定了默认值，那么这个就可以工作了，你当然可以做任何你想要的常规HTML和CSS / JS更改。

I've tried without success to customize the login page in spring security core 3.1.1. I created a login directory in the views directory and an auth.gsp in the login directory and put my custom form there. Here is the code:

<g:form name="form-login" method="POST" action="${resource('file': 'j_spring_security_check')}">
     <label for="j_username">Username:</label>
      <g:textField name="j_username"/>
                <label for="j_password">Password:</label>
                <g:passwordField name="j_password"/>
            <g:submitButton name="login" value="Log in" />
    </g:form>

It takes the username and password alright but upon clicking the login button, it still shows the form. Any solutions.

解决方案

That's an old form using the old action address (the core problem that's causing the redirect) and old names for username/password (the lurking problem that would have been more frustrating because it will always fail with correct values, since they're not usable if they're set for the wrong parameter names).

It's not as simple in 3.x as it was in 2.x to override plugin files. In 2.x plugins are zip files unpacked in your project root's target directory, and you can do valid and/or crazy things with plugin source. In 3.x the plugins are compiled jars, so hopefully we reduced the total amount of crazy, but we also have made it harder to do valid things like this.

But this is open source software, and the exact .gsp file or one that's close enough is very easy to find in the source repo, which is here.

auth.gsp changes rarely so it's fine to get the latest file from the master branch, or you could look through the history (recentl builds are and future builds will continue to be tagged) so it would be easy to get an older version, e.g. from version 3.0.4.

That's not neccessarily the final answer though because the plugin is very configurable, and you can override several variables used in the GSP in the config, so you should replace code that looks up values with just the values since your app is unlikely to benefit from that flexibility. The defaults for config settings are in DefaultSecurityConfig.groovy, but I left this GSPs inside the lookup code, so you just need to remove that and retain the values.

Here's the inner form element (you need the whole file but I'm not showing the parts that don't need changes):

<form action="${postUrl ?: '/login/authenticate'}" method="POST" id="loginForm" class="cssform" autocomplete="off">
    <p>
        <label for="username"><g:message code='springSecurity.login.username.label'/>:</label>
        <input type="text" class="text_" name="${usernameParameter ?: 'username'}" id="username"/>
    </p>

    <p>
        <label for="password"><g:message code='springSecurity.login.password.label'/>:</label>
        <input type="password" class="text_" name="${passwordParameter ?: 'password'}" id="password"/>
    </p>

    <p id="remember_me_holder">
        <input type="checkbox" class="chk" name="${rememberMeParameter ?: 'remember-me'}" id="remember_me" <g:if test='${hasCookie}'>checked="checked"</g:if>/>
        <label for="remember_me"><g:message code='springSecurity.login.remember.me.label'/></label>
    </p>

    <p>
        <input type="submit" id="submit" value="${message(code: 'springSecurity.login.button')}"/>
    </p>
</form>

and for the initial pass you would want to change it to this:

<form action="/login/authenticate' method="POST" id="loginForm" class="cssform" autocomplete="off">
    <p>
        <label for="username"><g:message code='springSecurity.login.username.label'/>:</label>
        <input type="text" class="text_" name="username" id="username"/>
    </p>

    <p>
        <label for="password"><g:message code='springSecurity.login.password.label'/>:</label>
        <input type="password" class="text_" name="password" id="password"/>
    </p>

    <p id="remember_me_holder">
        <input type="checkbox" class="chk" name="remember-me" id="remember_me"/>
        <label for="remember_me"><g:message code='springSecurity.login.remember.me.label'/></label>
    </p>

    <p>
        <input type="submit" id="submit" value="${message(code: 'springSecurity.login.button')}"/>
    </p>
</form>

You can use whatever post url and username/password param names you want including the old ones, but you need to set the config properties so the Spring Security filter that processes logins is looking at the correct uri and is expecting the param names that you're sending. If you're ok with the defaults then this will work, and you can of course make whatever regular HTML and CSS/JS changes you want.

这篇关于如何在grails中定制spring security插件登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！