1. 首頁
  2. 問答
  3. 自定義Spring Security渲染頁面,當授權失敗時,Grails

自定義Spring Security渲染頁面,當授權失敗時,Grails

2015-06-16 132 views
0

例如我有一個gsp頁面,當我通過Grails中的Spring Security進行授權失敗時,我想要顯示它。目前我想處理兩個失敗原因:自定義Spring Security渲染頁面,當授權失敗時,Grails

1) Password and login combination is incorrect 
2) User have not neccessary permissions to view page

如何做到這一點?

這是我的LoginController:

@Secured(['permitAll']) 
class LoginController { 
    def auth() { 
     render (view:'auth.gsp') 
    } 
}

這是GSP頁授權形式:

<form class="form-signin" action='/restorator/j_spring_security_check' method='POST' id='loginForm'> 
     <h2 class="form-signin-heading">Login</h2> 
     <div class="text-left"> 
      <small>Login</small> 
     </div>   
     <label for="username" class="sr-only">Login</os-p></label> 
     <input id="username" name='j_username' class="form-control" placeholder="Login" required="" autofocus="" type="text"> 
     <div class="text-left"> 
      <small>Password</small> 
     </div> 
     <label for="password" class="sr-only">Password</label> 
     <input id="password" class="form-control" name='j_password' data-translatable-string="Password" type="password"> 
     <div class="checkbox"> 
      <label data-replace-tmp-key="2c2fb6d9630510f8721fb57d8c90d50c"><os-p key="2c2fb6d9630510f8721fb57d8c90d50c"><input value="remember-me" type="checkbox" class='chk' name='_spring_security_remember_me' id='remember_me'>Remember me</os-p></label> 
     </div> 
     <button class="btn btn-lg btn-primary btn-block" type="submit" id="submit" >Enter</button> 
</form>

春季安全配置:

// Added by the Spring Security Core plugin: 
grails.plugin.springsecurity 
grails.plugin.springsecurity.logout.postOnly = false 
grails.plugin.springsecurity.userLookup.userDomainClassName = 'restorator.auth.Person' 
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'restorator.auth.PersonAuthority' 
grails.plugin.springsecurity.authority.className = 'restorator.auth.Authority' 
grails.plugin.springsecurity.controllerAnnotations.staticRules = [ 
    '/':        ['permitAll'], 
    '/index':       ['permitAll'], 
    '/index.gsp':      ['permitAll'], 
    '/assets/**':      ['permitAll'], 
    '/**/js/**':      ['permitAll'], 
    '/**/css/**':      ['permitAll'], 
    '/**/images/**':     ['permitAll'], 
    '/**/fonts/**':     ['permitAll'], 
    '/**/favicon.ico':    ['permitAll'], 
    '/startPage':      ['permitAll'], 
    '/dbconsole/**':     ['permitAll'], 
    '/publicCafeeView':    ['permitAll'], 
    '/publicCafeeInfo':    ['permitAll'] 
]

來源

2015-06-16 pragmus

+0

顯示您的安全配置 – injecteer

+0

@injecteer,更新 – pragmus

回答

1
在你的配置3線

缺失:

  1. 失敗的認證(登錄): '?/登錄loginError =真'

grails.plugin.springsecurity.failureHandler.defaultFailureUrl =

  • 錯授權(錯誤的權限):

    • grails.plugin.springsecurity.adh.errorPage = '/登錄/否認' grails.plugin.springsecurity.adh.ajaxErrorPage = '/登錄/拒絕'

    這些2線是默認映射。你可以簡單地把你的「denied.gsp」入/login目錄,它會被自動接聽

    來源

    2015-06-17 08:38:38 injecteer

    相關問題

     相關問題