Question
I have built a Grails application, which on login redirects users to different URLs based on the user's role (custom roles defined in a roles domain). Now I am trying to integrate the Spring Security Core Grails Plugin into the application, so I plan to use the plugin's domain model.
I understand the auth action in LoginController does the user login validation and, if the user is logged in, then redirects to the default target URI. My question is how can I know if the logging in user is of type ROLE_ADMIN or ROLE_USER or any other ROLE? How can I check the authority here and then redirect to different URIs?
I would also like to know how the user validation is done i.e. how & where the username and password are validated against the database in spring security?
Thank You. Jay Chandran.
Answer 1:
The redirect happens in org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler but the plugin extends this class in org.codehaus.groovy.grails.plugins.springsecurity.AjaxAwareAuthenticationSuccessHandler to support Ajax logins.
If you want to customize the redirect location based on roles, I'd subclass AjaxAwareAuthenticationSuccessHandler and override onAuthenticationSuccess(). You'll have access to the Authentication, so you can inspect the granted authorities and determine where to go based on those.
Then replace the plugin's bean with yours in resources.groovy:
    import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

    beans = {
        authenticationSuccessHandler(MyAuthenticationSuccessHandler) {
            def conf = SpringSecurityUtils.securityConfig
            requestCache = ref('requestCache')
            redirectStrategy = ref('redirectStrategy')
            defaultTargetUrl = conf.successHandler.defaultTargetUrl
            alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
            targetUrlParameter = conf.successHandler.targetUrlParameter
            ajaxSuccessUrl = conf.successHandler.ajaxSuccessUrl
            useReferer = conf.successHandler.useReferer
        }
    }
Source: https://stackoverflow.com/questions/3887875/grails-1-3-5-and-spring-security-core