我想知道是否有人知道一个优雅的方式来获取有权访问当前页面的Spring安全插件中的所有角色。Grails Spring Security获取当前页面的角色
我使用的是spring security,它被配置为使用RequestMap域对象。
我的应用程序的权限非常复杂,所以我想在每个页面的底部制作一个标签,以显示需要使用该页面的角色。
我在做一个查询请求地图,但我想确保我匹配url的方式与插件的方式相同。
理想情况下,我根本不需要运行查询。
Grails的2.2.1版本的Spring Security插件版本1.2.7.3
在此先感谢
我得到这个通过添加下列两类,以我的src/java的工作。
1类
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import javax.servlet.http.HttpServletRequest;
import java.util.Collection;
public class MyFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
FilterInvocationSecurityMetadataSource oldBean;
@Override
public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
FilterInvocation filterInvocation = (FilterInvocation) o;
HttpServletRequest request = filterInvocation.getHttpRequest();
request.setAttribute("PAGEROLES", oldBean.getAttributes(filterInvocation));
return oldBean.getAttributes(o);
}
@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
return oldBean.getAllConfigAttributes();
}
@Override
public boolean supports(Class<?> aClass) {
return FilterInvocation.class.isAssignableFrom(aClass);
}
public Object getOldBean() { return oldBean; }
public void setOldBean(FilterInvocationSecurityMetadataSource oldBean) { this.oldBean = oldBean; }
}
2类
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
public class FilterSecurityMDSExtractor implements BeanPostProcessor, BeanFactoryAware {
private ConfigurableListableBeanFactory bf;
private FilterInvocationSecurityMetadataSource metadataSource = new MyFilterInvocationSecurityMetadataSource();
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof FilterInvocationSecurityMetadataSource) {
((MyFilterInvocationSecurityMetadataSource) metadataSource).setOldBean((FilterInvocationSecurityMetadataSource) bean);
return metadataSource;
}
return bean;
}
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
this.bf = (ConfigurableListableBeanFactory)beanFactory;
}
}
我然后加入下列到resources.groovy
beans = {
filterSecurityMDSExtractor(FilterSecurityMDSExtractor)
}
基本上我馅用户角色进入请求
request.setAttribute("PAGEROLES", oldBean.getAttributes(filterInvocation));
那么我需要做的就是调用下面
request.getAttribute("PAGEROLES");
获得角色退了出来。我通过从Stackoverflow上的其他好帖子窃取我的解决方案。其他人可能会有更好的解决方案,但到目前为止,这对我来说很有用。