How to write an accessDeniedHandler in Grails


I am new to Groovy, and I implemented a CSRF token in Grails in the following way. I added the CSRF filter in resource.groovy:

csrfFilter(CsrfFilter, new HttpSessionCsrfTokenRepository()) {
    accessDeniedHandler = ref('fnAccessDeniedHandler')
    requireCsrfProtectionMatcher = ref('fnRequireCsrfProtectionMatcher')
}
But I don't know how to initialize fnAccessDeniedHandler and fnRequireCsrfProtectionMatcher.
Thanks in advance.

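The values in ref must be bean(s). If you want to override accessDeniedHandler and requireCsrfProtectionMatcher, you need to create custom classes and create beans for them in resources.groovy. For example, to create the bean fnAccessDeniedHandler, you can do the following.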

Add the following to resources.groovy:

fnAccessDeniedHandler(CustomAccessDeniedHandler)
And create a class CustomAccessDeniedHandler that implements AccessDeniedHandler:

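import java.io.IOException;

// javax.servlet is assumed here; newer Spring Security versions use jakarta.servlet.
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Logger.getLogger(Class) and LOG.warn(...) match the log4j 1.x API (assumed).
import org.apache.log4j.Logger;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandler;

public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    public static final Logger LOG
      = Logger.getLogger(CustomAccessDeniedHandler.class);

    // Called when a request is denied (for CsrfFilter: missing or invalid token).
    @Override
    public void handle(
      HttpServletRequest request,
      HttpServletResponse response,
      AccessDeniedException exc) throws IOException, ServletException {

        // Record who was denied and which URL they requested.
        Authentication auth
          = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) {
            LOG.warn("User: " + auth.getName()
              + " attempted to access the protected URL: "
              + request.getRequestURI());
        }

        // Send the client to the application's access-denied page.
        response.sendRedirect(request.getContextPath() + "/accessDenied");
    }
}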

Just to point out that you don't have to provide them; you can use the defaults.
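
The answer above shows only the fnAccessDeniedHandler bean. As an added example (not code from the original thread), this is one way the fnRequireCsrfProtectionMatcher bean from the question could be written so that any request not explicitly exempted stays protected. The class name, package, exemptPaths property and sample path are assumptions.

```groovy
// Hypothetical file: src/main/groovy/example/FnRequireCsrfProtectionMatcher.groovy
package example

// javax.servlet is assumed; newer Spring Security versions use jakarta.servlet.
import javax.servlet.http.HttpServletRequest
import org.springframework.security.web.util.matcher.RequestMatcher

/**
 * Tells CsrfFilter which requests must carry a valid CSRF token.
 *   matches() == true   -> the token is required
 *   matches() == false  -> the request passes through unchecked
 */
class FnRequireCsrfProtectionMatcher implements RequestMatcher {

    // Read-only methods, the same set Spring Security's default matcher skips.
    private static final Set<String> SAFE_METHODS =
            ['GET', 'HEAD', 'TRACE', 'OPTIONS'] as Set

    // Exact application-relative paths exempt from the check, set in resources.groovy.
    // Exempt only endpoints that do not authenticate via the session cookie.
    Set<String> exemptPaths = [] as Set

    @Override
    boolean matches(HttpServletRequest request) {
        if (request.method in SAFE_METHODS) {
            return false
        }
        // Use the container-decoded path rather than the raw requestURI.
        String path = (request.servletPath ?: '') + (request.pathInfo ?: '')
        // Exact match only: anything not listed stays protected (fail closed).
        return !exemptPaths.contains(path)
    }
}

/* Wiring in grails-app/conf/spring/resources.groovy (bean name from the question):

   fnRequireCsrfProtectionMatcher(example.FnRequireCsrfProtectionMatcher) {
       exemptPaths = ['/webhook/payment'] as Set   // constructed sample path
   }
*/
```

With an empty exemptPaths this behaves like the default matcher, so a custom bean is only worth adding when some endpoint genuinely needs an exemption.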