Grails Spring Security Shiro: how do I create 2 login forms with 2 different authentication success URLs?


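I am working on a project that uses Spring Security Shiro. I want to configure the application to have 2 different login forms and 2 different authentication success URLs. What is the best way to do this? I looked at the documentation but did not see any solution.

Thanks in advance for your help.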

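The simplest and best way is to extend two separate WebSecurityConfigurerAdapter classes and create two different configurations in them (two login pages and two authentication success URLs):


Note that WebSecurityConf1 will be applied when .antMatcher("/first resources**") is satisfied, and the same goes for WebSecurityConf2. Also, the configurations of WebSecurityConf1 and WebSecurityConf2 are independent of each other.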

The simple way is to override the authentication handler with a custom AuthenticationSuccessHandler.

First create the success handler; I check whether the user is an administrator user.

import org.springframework.security.core.Authentication
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

import javax.servlet.ServletException
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse


class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // injected from the bean definition
    def requestCache

    @Override
    public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
                                        final Authentication authentication) throws ServletException, IOException {
        try {
            handle(request, response, authentication)
            super.clearAuthenticationAttributes(request)
        } catch (Exception e) {
            logger.error("Redirect after successful authentication failed", e)
        } finally {
            // always remove the saved request
            requestCache.removeRequest(request, response)
        }
    }

    @Override
    protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {
        // This bean is a singleton shared by every login, so the admin check is made
        // per call on the Authentication rather than remembered in an instance field
        // (a field set to true would send every later user to /admin as well).
        String targetUrl = isAdministrator(authentication) ? "/admin" : determineTargetUrl(request, response)

        if (response.isCommitted()) {
            logger.debug("Response has already been committed. Unable to redirect to " + targetUrl)
            return
        }

        redirectStrategy.sendRedirect(request, response, targetUrl)
    }

    // true when the authenticated user holds ROLE_ADMIN
    protected boolean isAdministrator(Authentication authentication) {
        authentication.authorities.any { authority -> authority.authority == "ROLE_ADMIN" }
    }
}

Then I had to define the success handler in the beans section of resources

beans = {
    authenticationSuccessHandler(CustomAuthenticationSuccessHandler) {
        requestCache = ref('requestCache')
        redirectStrategy = ref('redirectStrategy')
    }
}

Then I was good to go. It worked well for my scenario.
