我正在尝试使用Grails 3.10和spring-security-core插件创建一个网站。 我是如此新鲜。我创建了我的所有域类,然后运行应用程序。 它指示我登录页面。实际上这是一件好事,但现在如何才能通过这个,并可以看到我的其他控制者和观点。我读了一些博客。我想写一些像
这样的代码import org.codehaus.groovy.grails.plugins.springsecurity.Secured
class SecureAnnotatedController {
@Secured(['ROLE_ADMIN'])
def index = {
render 'you have ROLE_ADMIN'
}
@Secured(['ROLE_ADMIN', 'ROLE_ADMIN2'])
def adminEither = {
render 'you have ROLE_ADMIN or ROLE_ADMIN2'
}
def anybody = {
render 'anyone can see this'
}
}
但我无法理解。谢谢你的帮助。
答案 0 :(得分:0)
对于带有Grails的Spring Security的更高版本,您需要将以下内容添加到Conf的文件中:
grails.plugin.springsecurity.successHandler.alwaysUseDefault = true
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/your-url'
而不是:
答案 1 :(得分:0)
import grails.plugin.springsecurity.annotation.Secured
class SecureAnnotatedController {
@Secured(['ROLE_ADMIN'])
def index() {
render text: 'you have ROLE_ADMIN'
}
@Secured(['ROLE_ADMIN', 'ROLE_ADMIN2'])
def adminEither() {
render text: 'you have ROLE_ADMIN or ROLE_ADMIN2'
}
def anybody () {
render text: 'anyone can see this'
}
}
正如Burt指出的那样,你正在使用旧的控制器方法和旧的安全导入
超越这个:
看一下grails-app / conf / application.groov:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/SecureAnnotatedController/anybody', access: ['permitAll']],
[pattern: '/index/**', access: ['permitAll']],
在上面我直接添加了/ SecureAnnotatedController / anybody,如果你在现有的默认值中有它,那么它应该可以工作。
您也可以在方法上方更新applucation.groovy使用@Secured(['permitAll'])
。
应该让你需要的工作。以下是更高级的,包括锁定失败的尝试 这是一个很棒的插件,需要时间来吸收其细节。
关于以上帖子:
//grails.plugin.springsecurity.successHandler.defaultTargetUrl = "/helloAgain/${System.currentTimeMillis()}"
//grails.plugins.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.successHandler.alwaysUseDefault = true
grails.plugin.springsecurity.useRoleGroups = true
brutforce {
loginAttempts {
time = 5
allowedNumberOfAttempts = 3
}
}
我最初让它去了helloAgain,它进行了重定向但是在这一点上是一种注册传入用户的hackish方式。现在我正在使用
grails.plugin.springsecurity.useSecurityEventListener = true
然后将其输入grails-app / conf / spring / resources.groovy
import myapp.utils.CustomSecurityEventListener
import myapp.utils.CustomSecurityFailureEventListener
import myapp.utils.RedirectFailureToRegistration
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
// Place your Spring DSL code here
beans = {
redirectFailureHandlerExample(SimpleUrlAuthenticationFailureHandler) {
defaultFailureUrl = '/failed'
}
redirectFailureHandler(RedirectFailureToRegistration) {
defaultFailureUrl = '/failed'
registrationUrl = '/'
}
/*
multipartResolver(ContentLengthAwareCommonsMultipartResolver) {
defaultEncoding = 'UTF-8'
}
*/
customerSecurityEventListener(CustomSecurityEventListener)
customSecurityFailureEventListener(CustomSecurityFailureEventListener)
现在这些文件:在我的src / main / groovy / myapp / utils中我有
package myapp.utils
import grails.util.Holders
import org.springframework.context.ApplicationListener
import org.springframework.security.authentication.event.AuthenticationSuccessEvent
import org.springframework.security.core.userdetails.UserDetails
class CustomSecurityEventListener implements ApplicationListener<AuthenticationSuccessEvent> {
//private static Collection activeUsers = Collections.synchronizedList(new ArrayList())
def loginAttemptCacheService = Holders.grailsApplication.mainContext.getBean('loginAttemptCacheService')
void onApplicationEvent(AuthenticationSuccessEvent event) {
def userDetails = (UserDetails) event.getAuthentication().getPrincipal()
if (userDetails) {
//SessionListener.userLoggedIn(userDetails.getUsername())
loginAttemptCacheService.loginSuccess(event.authentication.name)
}
}
// public static Collection getActiveUsers() {
// return Collections.unmodifiableList(activeUsers)
// }
}
package myapp.utils
import myapp.users.LoginAttemptCacheService
import grails.util.Holders
import org.springframework.context.ApplicationListener
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
class CustomSecurityFailureEventListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
def loginAttemptCacheService = Holders.grailsApplication.mainContext.getBean('loginAttemptCacheService')
void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
String username = (String) event.getAuthentication().getPrincipal()
if (username) {
loginAttemptCacheService.failLogin(event.authentication.name)
}
}
}
服务:
import com.google.common.cache.CacheBuilder
import com.google.common.cache.CacheLoader
import com.google.common.cache.LoadingCache
import grails.core.GrailsApplication
import grails.core.support.GrailsApplicationAware
import grails.transaction.Transactional
import java.util.concurrent.TimeUnit
import org.apache.commons.lang.math.NumberUtils
import javax.annotation.PostConstruct
class LoginAttemptCacheService implements GrailsApplicationAware {
def config
GrailsApplication grailsApplication
private LoadingCache attempts
private int allowedNumberOfAttempts
@PostConstruct
void init() {
allowedNumberOfAttempts = config.brutforce.loginAttempts.allowedNumberOfAttempts
int time = config.brutforce.loginAttempts.time
log.info "account block configured for $time minutes"
attempts = CacheBuilder.newBuilder()
.expireAfterWrite(time, TimeUnit.MINUTES)
.build({0} as CacheLoader);
}
/**
* Triggers on each unsuccessful login attempt and increases number of attempts in local accumulator
* @param login - username which is trying to login
* @return
*/
def failLogin(String login) {
def numberOfAttempts = attempts.get(login)
log.debug "fail login $login previous number for attempts $numberOfAttempts"
numberOfAttempts++
if (numberOfAttempts > allowedNumberOfAttempts) {
blockUser(login)
attempts.invalidate(login)
} else {
attempts.put(login, numberOfAttempts)
}
}
/**
* Triggers on each successful login attempt and resets number of attempts in local accumulator
* @param login - username which is login
*/
def loginSuccess(String login) {
log.debug "successfull login for $login"
attempts.invalidate(login)
}
/**
* Disable user account so it would not able to login
* @param login - username that has to be disabled
*/
@Transactional
private void blockUser(String login) {
log.debug "blocking user: $login"
def user = User.findByUsername(login)
if (user) {
user.accountLocked = true
user.save(flush: true)
}
}
void setGrailsApplication(GrailsApplication ga) {
config = ga.config
}
}
对于所有那些很酷的东西,你需要将它添加到你的build.gradle
//caching user failure attempts //CustomerSecurityFailureEventListener.groovy
compile 'com.google.guava:guava:11.0.1'
享受