2014-02-27 58 views
2

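Grails Spring Security: get the roles for the current page

I'm wondering if anyone knows an elegant way to get all the roles in the Spring Security plugin that have access to the current page.

I am using Spring Security, and it is configured to use the RequestMap domain object.

The permissions in my application are quite complex, so I want to make a tag at the bottom of each page that shows the roles needed to use that page.

I am doing a query on the request map, but I want to make sure that I match the URL the same way the plugin does.

Ideally, I wouldn't have to run a query at all.

Grails version 2.2.1, Spring Security plugin version 1.2.7.3

Thanks in advance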

Answer

2

I got this working by adding the following two classes to my src/java.

Class 1

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

// Wraps the plugin's metadata source and records, per request, the
// attributes (roles) it resolves for the requested URL.
public class MyFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

    // The plugin's original metadata source; every lookup is delegated to it.
    FilterInvocationSecurityMetadataSource oldBean;

    @Override
    public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
        FilterInvocation filterInvocation = (FilterInvocation) o;
        HttpServletRequest request = filterInvocation.getHttpRequest();
        // Expose the resolved attributes to the view layer as a request attribute.
        request.setAttribute("PAGEROLES", oldBean.getAttributes(filterInvocation));

        // Return the delegate's answer unchanged so access decisions are unaffected.
        return oldBean.getAttributes(o);
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return oldBean.getAllConfigAttributes();
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return FilterInvocation.class.isAssignableFrom(aClass);
    }

    public Object getOldBean() { return oldBean; }
    public void setOldBean(FilterInvocationSecurityMetadataSource oldBean) { this.oldBean = oldBean; }
}

Class 2

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

// Replaces the plugin's FilterInvocationSecurityMetadataSource bean with the
// recording wrapper while the application context is being built.
public class FilterSecurityMDSExtractor implements BeanPostProcessor, BeanFactoryAware {
    // Bean factory reference; stored but not used by the wrapping logic.
    private ConfigurableListableBeanFactory bf;
    private FilterInvocationSecurityMetadataSource metadataSource = new MyFilterInvocationSecurityMetadataSource();

    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        if (bean instanceof FilterInvocationSecurityMetadataSource) {
            // Keep the original bean as the delegate and hand back the wrapper in its place.
            ((MyFilterInvocationSecurityMetadataSource) metadataSource).setOldBean((FilterInvocationSecurityMetadataSource) bean);
            return metadataSource;
        }
        return bean;
    }

    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        return bean;
    }

    public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
        this.bf = (ConfigurableListableBeanFactory) beanFactory;
    }
}

I then added the following to resources.groovy

beans = {
    filterSecurityMDSExtractor(FilterSecurityMDSExtractor)
}

Basically I am stuffing the user roles into the request

request.setAttribute("PAGEROLES", oldBean.getAttributes(filterInvocation)); 

Then all I need to do is call the following

request.getAttribute("PAGEROLES"); 

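to get the roles back out. I put my solution together by stealing from other good posts on Stackoverflow. Others may have a better solution, but so far this works well for me.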
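
A possible GSP tag for the page footer the question asks about, reading the `PAGEROLES` request attribute set by the answer's wrapper class. This is an added example, not code from the original post; the tag library file name, the `app` namespace, the `pageRoles` tag name and the `page-roles` CSS class are assumptions.

```groovy
// grails-app/taglib/PageRolesTagLib.groovy (hypothetical file name)
import org.springframework.security.access.ConfigAttribute

class PageRolesTagLib {

    // Assumed namespace; the tag is used in a layout as <app:pageRoles/>.
    static namespace = 'app'

    def pageRoles = { attrs ->
        // The attribute is absent or empty when no rule matched the URL, or
        // when the request never passed through the security filter chain.
        def stored = request.getAttribute('PAGEROLES')
        if (!(stored instanceof Collection) || stored.isEmpty()) {
            out << '<div class="page-roles">No access rule recorded for this request</div>'
            return
        }

        // ConfigAttribute.getAttribute() can return null for attributes that
        // have no String form, so those entries are dropped.
        def configAttributes = stored.findAll { it instanceof ConfigAttribute }
        def names = configAttributes.collect { ((ConfigAttribute) it).attribute }
        names = names.findAll { it }
        names = names.unique().sort()

        // Request Map rows are editable data, so HTML-encode before output.
        out << '<div class="page-roles">Required: '
        out << names.collect { it.encodeAsHTML() }.join(', ')
        out << '</div>'
    }
}
```

The footer discloses each URL's access rule to anyone who can load the page; wrapping the tag in the plugin's `<sec:ifAllGranted>` tag limits it to the roles that should see it.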