Grails弹簧安全角色和组 [英] grails spring security role and group

问题描述

我使用这个scipt来创建域类：

  grails s2-quickstart com.yourapp用户角色--groupClassName = RoleGroup 
  

我假设一个用户可以有许多组，其中一个组可以有多个角色。这是在User类中生成的方法的样子：

 设置< RoleGroup> getAuthorities（）{
 UserRoleGroup.findAllByUser（this）.collect {it.roleGroup} 
} 
  

但现在我看到脚本还创建了一个名为UserRole的类，它是User和Role之间的关联。所以用户也可以直接拥有很多角色？

我试过了，它保存在数据库中。我修改了这样的方法：
$ b $ pre $ def $ getAuthorities（）{
def authorities = UserRoleGroup.findAllByUser（this）。收集{it.roleGroup}

权限.addAll（UserRole.findAllByUser（this）.collect {it.role}）
返回权限
}

现在，当我在用户< - >角色关联中的数据库中创建一个条目时。我无法再登录。我收到spring security的默认消息，基本上说没有找到凭证。

当我手动删除条目时，我可以再次登录。我认为这是因为该方法只返回RoleGroup对象。

我的问题是：

a）我还可以在配置组时直接分配角色

b）如果没有，为什么创建此类的脚本

如果是，我该怎么做？ 我不认为你会期望你分配角色当您使用群组时，直接转换为用户。



为用户分配组，并将角色分配给组。

我认为所提供的代码结构在降级应用程序时可能很有用

仅使用用户和角色，而不会违反当前的规则。

I have configured my spring security to work with groups.

I used this scipt to create the domain classes:

grails s2-quickstart com.yourapp User Role --groupClassName=RoleGroup

I assumed that a user can have many groups where a group can have many roles

This is what a generated method looks like in the User class:

Set<RoleGroup> getAuthorities() {
    UserRoleGroup.findAllByUser(this).collect { it.roleGroup }
}

But now I seen that the script also created a class called UserRole which is the association between User and Role. So a User can ALSO have many Roles directly?

I tried it and it is saved in the database. I modified the method like this:

def getAuthorities() {
    def authorities = UserRoleGroup.findAllByUser(this).collect { it.roleGroup }

    authorities.addAll(UserRole.findAllByUser(this).collect { it.role })
    return authorities
}

Now, when I create a entry in the database in the User <--> Role association. I cannot login anymore. I get the default message by spring security basically saying that no credentials have been found.

When I delete the entry manually, I can login again. I think this is because the method is then only returning RoleGroup objects.

My questions are:

a) can I also assign roles directly when I have configured Groups

b) if no, why is the script creating this class

c) if yes, how do I do that?

解决方案

I don't think one would expect you to assign a Role directly to User when you are using Groups.

Assign a Group to User ,and Role to Group.

I think the presented code structure might be useful when "downgrading" your app

to use only User and Roles, Without breaking your current set of rules.

这篇关于Grails弹簧安全角色和组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！