自定义Spring安全渲染页面,授权失败时,Grails
Customize Spring Security rendering page, when an authorization fails, Grails
例如,我有一个 gsp-pages,我想在通过 Spring Security in Grails 的授权失败时呈现它。目前我想处理两个失败原因:
1) Password and login combination is incorrect
2) User have not neccessary permissions to view page
怎么做?
这是我的登录控制器:
@Secured(['permitAll'])
class LoginController {
def auth() {
render (view:'auth.gsp')
}
}
这是 gsp 页面中的授权表格:
<form class="form-signin" action='/restorator/j_spring_security_check' method='POST' id='loginForm'>
<h2 class="form-signin-heading">Login</h2>
<div class="text-left">
<small>Login</small>
</div>
<label for="username" class="sr-only">Login</os-p></label>
<input id="username" name='j_username' class="form-control" placeholder="Login" required="" autofocus="" type="text">
<div class="text-left">
<small>Password</small>
</div>
<label for="password" class="sr-only">Password</label>
<input id="password" class="form-control" name='j_password' data-translatable-string="Password" type="password">
<div class="checkbox">
<label data-replace-tmp-key="2c2fb6d9630510f8721fb57d8c90d50c"><os-p key="2c2fb6d9630510f8721fb57d8c90d50c"><input value="remember-me" type="checkbox" class='chk' name='_spring_security_remember_me' id='remember_me'>Remember me</os-p></label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit" id="submit" >Enter</button>
</form>
Spring 安全配置:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'restorator.auth.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'restorator.auth.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'restorator.auth.Authority'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/fonts/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/startPage': ['permitAll'],
'/dbconsole/**': ['permitAll'],
'/publicCafeeView': ['permitAll'],
'/publicCafeeInfo': ['permitAll']
]
在您的配置中缺少 3 行:
- 身份验证失败(登录):
grails.plugin.springsecurity.failureHandler.defaultFailureUrl = '/login?loginError=true'
- 错误的授权(错误的权限):
grails.plugin.springsecurity.adh.errorPage = '/login/denied'
grails.plugin.springsecurity.adh.ajaxErrorPage = '/login/denied'
这两行是默认映射。您可以简单地将 'denied.gsp' 放入 /login 目录,它会被自动选择
例如,我有一个 gsp-pages,我想在通过 Spring Security in Grails 的授权失败时呈现它。目前我想处理两个失败原因:
1) Password and login combination is incorrect
2) User have not neccessary permissions to view page
怎么做?
这是我的登录控制器:
@Secured(['permitAll'])
class LoginController {
def auth() {
render (view:'auth.gsp')
}
}
这是 gsp 页面中的授权表格:
<form class="form-signin" action='/restorator/j_spring_security_check' method='POST' id='loginForm'>
<h2 class="form-signin-heading">Login</h2>
<div class="text-left">
<small>Login</small>
</div>
<label for="username" class="sr-only">Login</os-p></label>
<input id="username" name='j_username' class="form-control" placeholder="Login" required="" autofocus="" type="text">
<div class="text-left">
<small>Password</small>
</div>
<label for="password" class="sr-only">Password</label>
<input id="password" class="form-control" name='j_password' data-translatable-string="Password" type="password">
<div class="checkbox">
<label data-replace-tmp-key="2c2fb6d9630510f8721fb57d8c90d50c"><os-p key="2c2fb6d9630510f8721fb57d8c90d50c"><input value="remember-me" type="checkbox" class='chk' name='_spring_security_remember_me' id='remember_me'>Remember me</os-p></label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit" id="submit" >Enter</button>
</form>
Spring 安全配置:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'restorator.auth.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'restorator.auth.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'restorator.auth.Authority'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/fonts/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/startPage': ['permitAll'],
'/dbconsole/**': ['permitAll'],
'/publicCafeeView': ['permitAll'],
'/publicCafeeInfo': ['permitAll']
]
在您的配置中缺少 3 行:
- 身份验证失败(登录):
grails.plugin.springsecurity.failureHandler.defaultFailureUrl = '/login?loginError=true'
- 错误的授权(错误的权限):
grails.plugin.springsecurity.adh.errorPage = '/login/denied' grails.plugin.springsecurity.adh.ajaxErrorPage = '/login/denied'
这两行是默认映射。您可以简单地将 'denied.gsp' 放入 /login 目录,它会被自动选择