我是Groovy和Grails的新手。我已經使用數據庫請求映射開發了一個使用Spring Security插件的應用程序。我想根據角色自定義重定向到主頁。Grails安全插件自定義重定向
如果用戶ROLE_ADMIN他會在視圖中被重定向到他的主頁ADMINUSER/Homepage.gsp
如果用戶ROLE_USER他會在視圖中用戶重定向到他的主頁/ Homepage.gsp
根據用戶登錄,我無法獲得任何自定義身份驗證重定向。
這就是我的做法。我已經根據您的需求進行了修改。讓我知道它是否有幫助。
內springsecurities的LoginController在auth下()方法做這樣的事情(它會得到該頁面的用戶是點擊登錄之前):
def auth() {
session['returnUrl'] = request.getHeader("Referer")
def config = SpringSecurityUtils.securityConfig
if (springSecurityService.isLoggedIn()) {
redirect uri: config.successHandler.defaultTargetUrl
return
}
String view = 'auth'
String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
render view: view, model: [postUrl: postUrl,
rememberMeParameter: config.rememberMe.parameter]
}
現在裏面的src/Groovy中創建一個身份驗證成功處理程序:
package packageName
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
// Get current users role using springSecurityService
// You can inject springSecurityService into this class
// http://stackoverflow.com/questions/6467167/how-to-get-current-user-role-with-spring-security-plugin
if (role == 'ROLE_ADMIN')
{
returnUrl = '/adminUser/Homepage.gsp'
}
else if (role == 'ROLE_USER')
{
returnUrl = '/User/Homepage.gsp'
}
else
{
returnUrl = 'redirect somewhere'
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
現在conf下/春/ resources.groovy像這樣創建一個bean:
import grails.plugin.springsecurity.SpringSecurityUtils
// Place your Spring DSL code here
beans = {
authenticationSuccessHandler(packageName.MyAuthSuccessHandler) {
def conf = SpringSecurityUtils.securityConfig
requestCache = ref('requestCache')
defaultTargetUrl = conf.successHandler.defaultTargetUrl
alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
targetUrlParameter = conf.successHandler.targetUrlParameter
useReferer = conf.successHandler.useReferer
redirectStrategy = ref('redirectStrategy')
}
}
然後,你應該很好去。讓我知道它是否有效。
請參閱我的更新答案。 – sean3838
你必須在你的方法之前注入springSecurityService。另外,getAuthorities()應該返回一個列表,所以你必須循環遍歷它(這是因爲人們可以有多個角色)。
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
def springSecurityService
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
def roles = springSecurityService.getPrincipal().getAuthorities()
for (role in roles)
{
if (role == 'ROLE_ADMIN')
{
returnUrl = '/adminUser/Homepage.gsp'
}
else if (role == 'ROLE_USER')
{
returnUrl = '/User/Homepage.gsp'
}
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
非常感謝你的幫助BT的問題仍然是相同的,它再次返回空..... springSecurityService沒有被初始化,它正在得到一個空指針異常..... 下面是我的錯誤代碼: - [錯誤消息]消息:無法在空對象上調用方法getPrincipal() – Abhishek
假設你有你的BuildConfig這樣一行:在引導文件
compile ":spring-security-core:2.0-RC4"
和一些像這樣的代碼:
def roleAdmin = new Role(authority:LSSRole.ROLE_ADMIN.toString()).save(failOnError: true)
def roleFirm = new Role(authority:LSSRole.ROLE_FIRM.toString()).save(failOnError: true)
def roleLaw = new Role(authority:LSSRole.ROLE_LAWYER.toString()).save(failOnError: true)
def roleFin = new Role(authority:LSSRole.ROLE_FINANCE.toString()).save(failOnError: true)
與此代碼創建了一個示例管理用戶:
UserRole.create admin, roleAdmin, true
和配置一些像這樣的代碼:
'/dbconsole/**': [LSSRole.ROLE_ADMIN.toString()],
'/secure/**': [LSSRole.ROLE_ADMIN.toString()],
'/payment/**': [LSSRole.ROLE_FIRM.toString()],
'/filing/**': [LSSRole.ROLE_FIRM.toString()],
'/finance/**': [LSSRole.ROLE_FINANCE.toString()],
'/lawyer/**': [LSSRole.ROLE_LAWYER.toString()],
其中LSSRole是一個枚舉,而像這樣的代碼:
"/" {
controller = "dispatch"
action = "index"
}
成功登錄後,轉移用戶,你可以建立像這樣的調度員根據他們的角色將用戶分派到不同的着陸頁:
class DispatchController {
def index() {
def controller = 'login'
def action = 'auth'
if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_ADMIN.toString())) {
controller = 'secure'
action = 'index'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_FINANCE.toString())) {
controller = 'finance'
action = 'index'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_FIRM.toString())) {
controller = 'filing'
action = 'summary'
} else if (SpringSecurityUtils.ifAllGranted(LSSRole.ROLE_LAWYER.toString())) {
controller = 'lawyer'
action = 'index'
} else {
flash.message = 'Where do you think you\'re going? Nno no no'
SecurityContextHolder.clearContext()
}
redirect controller:controller, action:action
}
希望這有助於。
請注意,在DispatcherController中使用此方法時,不需要顯式依賴注入springSecurityService,它按原樣工作。 – mohsenmadi
非常感謝您的回答,這是一個很好的重定向方法.....但我的方案有點不同,您的邏輯不能在我的應用程序中結合.... – Abhishek
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import grails.plugin.springsecurity.SpringSecurityUtils
public class MyAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler
{
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
def returnUrl = request.getSession().getAttribute('returnUrl')
def roles = SpringSecurityUtils.getPrincipalAuthorities()
for (String role in roles)
{
if (role.equals("ROLE_ADMIN")) {
returnUrl = '/AdminUser/index.gsp'
}
else if (role.equals("ROLE_USER")) {
returnUrl = '/User/index.gsp'
}
else {
returnUrl = '/'
}
}
request.getSession().removeAttribute('returnUrl')
return returnUrl
}
}
這裏是我工作的代碼.... 而注入我用SpringSecurityUtils獲取當前用戶角色,並重定向到所需的頁面...... 感謝大家的支持的依賴。
@ sean3838感謝幫助我.....
注入springSecurityService是給一個空指針異常下面 是代碼和錯誤消息 – Abhishek