Grails 和 Spring Security 插件:基于角色登录时重定向用户

Posted

技术标签:

【中文标题】Grails 和 Spring Security 插件:基于角色登录时重定向用户【英文标题】:Grails and Spring Security Plugin: Redirecting user upon login based on roles 【发布时间】:2015-01-16 08:22:18 【问题描述】:

我想根据用户的角色在成功登录后重定向用户。我正在关注this example,但该方法永远不会执行(打印不会发生)。

我的资源.groovy:

beans = 
authenticationSuccessHandler(UrlRedirectEventListener)

    def conf = SpringSecurityUtils.securityConfig      
    requestCache = ref('requestCache')
    defaultTargetUrl = conf.successHandler.defaultTargetUrl
    alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
    targetUrlParameter = conf.successHandler.targetUrlParameter
    useReferer = conf.successHandler.useReferer
    redirectStrategy = ref('redirectStrategy')
    defaultUrl= "/"
    adminUrl = "/admin/"
    userUrl = "/user/"


还有我的 UrlRedirectEventListener

class UrlRedirectEventListener 
extends SavedRequestAwareAuthenticationSuccessHandler 


@Override
protected String determineTargetUrl(HttpServletRequest request,
                                        HttpServletResponse response) 

    boolean hasBoth = SpringSecurityUtils.ifAllGranted("ROLE_USER,ROLE_ADMIN");
    boolean hasUser = SpringSecurityUtils.ifAnyGranted("ROLE_USER");
    boolean hasAdmin = SpringSecurityUtils.ifAnyGranted("ROLE_ADMIN");

    println("hasBoth:"+hasBoth+ " hasUser:"+hasUser+ " hasAdmin:"+hasAdmin)
    if( hasBoth )
        return defaultLoginUrl;
    else if ( hasUser )
        return userUrl ;
    else if ( hasAdmin )
        return adminUrl ;
    else
        return super.determineTargetUrl(request, response);
    


private String defaultLoginUrl;
private String mmrLoginUrl;
private String pubApiLoginUrl;

...setters for urls
 

我错过了什么? 我正在使用 Grails 2.0.4 和 Spring Security Plugin 2 RC2.0

谢谢!

编辑:

我也有这个控制器来测试我的 bean 是否已创建,它显示正确。

class TestController 

   AuthenticationSuccessHandler authenticationSuccessHandler

   def index()
   
      render( authenticationSuccessHandler  )
   

【问题讨论】:

【参考方案1】:

查看源代码后,我想通了。问题是SavedRequestAwareAuthenticationSuccessHandler 的方法onAuthenticationSuccess 永远不会使用我使用的简单登录方案(由插件生成的默认值)到达覆盖的方法determineTargetUrl。我实际上必须重写 onAuthenticationSuccess 并将我的逻辑放在那里。

有问题的来源:

SavedRequestAwareAuthenticationSuccessHandler 扩展 SimpleUrlAuthenticationSuccessHandler 扩展 AbstractAuthenticationTargetUrlRequestHandler

我更新的UrlRedirectEventListener,大部分是从SavedRequestAwareAuthenticationSuccessHandler复制粘贴的:

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws ServletException, IOException 
    SavedRequest savedRequest = requestCache.getRequest(request, response);
    if (savedRequest == null) 
        super.onAuthenticationSuccess(request, response, authentication);
        return;
    
    String targetUrlParameter = getTargetUrlParameter();
    if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) 
        requestCache.removeRequest(request, response);
        super.onAuthenticationSuccess(request, response, authentication);
        return;
    
    def targetUrl = savedRequest.getRedirectUrl();
    if( targetUrl != null && targetUrl != "" && targetUrl.endsWith("/myApp/") ) // I only want to differently handle "/". If a user hits /user/, or any other url, attempt to send him there. Spring Security will deny him access based on his privileges if necessary.
        targetUrl = this.determineTargetUrl( request, response ) // This is the method defined above. Only thing changed there is I removed the `super` call

    clearAuthenticationAttributes(request);
    logger.info("Redirecting to Url: " + targetUrl);
    getRedirectStrategy().sendRedirect(request, response, targetUrl);

【讨论】:

您可能应该接受您自己的答案以表明问题已解决。 我会的!在我发布问题后 2 天我才能做到这一点:)

以上是关于Grails 和 Spring Security 插件:基于角色登录时重定向用户的主要内容,如果未能解决你的问题,请参考以下文章

Grails + spring-security-core:用户登录后如何分配角色?

Grails 3 和 Spring Security:当用户未登录时返回 401

Grails - Spring Security / Social - Facebook 插件 setAccessToken 和 getAccessToken

ClassNotFoundException: SimpleGrantedAuthority - Grails 2.4.2 和 Spring Security

Spring Security UI 和 grails 2.0

Grails 3 Spring Security 覆盖登录表单