1. 首页
  2. 问答
  3. 自定义Spring Security渲染页面,当授权失败时,Grails

自定义Spring Security渲染页面,当授权失败时,Grails

2015-06-16 56 views
0

例如我有一个gsp页面,当我通过Grails中的Spring Security进行授权失败时,我想要显示它。目前我想处理两个失败原因:自定义Spring Security渲染页面,当授权失败时,Grails

1) Password and login combination is incorrect 
2) User have not neccessary permissions to view page

如何做到这一点?

这是我的LoginController:

@Secured(['permitAll']) 
class LoginController { 
    def auth() { 
     render (view:'auth.gsp') 
    } 
}

这是GSP页授权形式:

<form class="form-signin" action='/restorator/j_spring_security_check' method='POST' id='loginForm'> 
     <h2 class="form-signin-heading">Login</h2> 
     <div class="text-left"> 
      <small>Login</small> 
     </div>   
     <label for="username" class="sr-only">Login</os-p></label> 
     <input id="username" name='j_username' class="form-control" placeholder="Login" required="" autofocus="" type="text"> 
     <div class="text-left"> 
      <small>Password</small> 
     </div> 
     <label for="password" class="sr-only">Password</label> 
     <input id="password" class="form-control" name='j_password' data-translatable-string="Password" type="password"> 
     <div class="checkbox"> 
      <label data-replace-tmp-key="2c2fb6d9630510f8721fb57d8c90d50c"><os-p key="2c2fb6d9630510f8721fb57d8c90d50c"><input value="remember-me" type="checkbox" class='chk' name='_spring_security_remember_me' id='remember_me'>Remember me</os-p></label> 
     </div> 
     <button class="btn btn-lg btn-primary btn-block" type="submit" id="submit" >Enter</button> 
</form>

春季安全配置:

// Added by the Spring Security Core plugin: 
grails.plugin.springsecurity 
grails.plugin.springsecurity.logout.postOnly = false 
grails.plugin.springsecurity.userLookup.userDomainClassName = 'restorator.auth.Person' 
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'restorator.auth.PersonAuthority' 
grails.plugin.springsecurity.authority.className = 'restorator.auth.Authority' 
grails.plugin.springsecurity.controllerAnnotations.staticRules = [ 
    '/':        ['permitAll'], 
    '/index':       ['permitAll'], 
    '/index.gsp':      ['permitAll'], 
    '/assets/**':      ['permitAll'], 
    '/**/js/**':      ['permitAll'], 
    '/**/css/**':      ['permitAll'], 
    '/**/images/**':     ['permitAll'], 
    '/**/fonts/**':     ['permitAll'], 
    '/**/favicon.ico':    ['permitAll'], 
    '/startPage':      ['permitAll'], 
    '/dbconsole/**':     ['permitAll'], 
    '/publicCafeeView':    ['permitAll'], 
    '/publicCafeeInfo':    ['permitAll'] 
]

来源

2015-06-16 pragmus

+0

显示您的安全配置 – injecteer

+0

@injecteer,更新 – pragmus

回答

1
在你的配置3线

缺失:

  1. 失败的认证(登录): '?/登录loginError =真'

grails.plugin.springsecurity.failureHandler.defaultFailureUrl =

  • 错授权(错误的权限):

    • grails.plugin.springsecurity.adh.errorPage = '/登录/否认' grails.plugin.springsecurity.adh.ajaxErrorPage = '/登录/拒绝'

    这些2线是默认映射。你可以简单地把你的“denied.gsp”入/login目录,它会被自动接听

    来源

    2015-06-17 08:38:38 injecteer

    相关问题

     相关问题