如何在grails中编写accessDeniedHandler
我是groovy新手,我以以下方式在grails中实现了CSRF令牌。 resource.groovy中添加了CSRF过滤器如何在grails中编写accessDeniedHandler,grails,groovy,spring-security,csrf-protection,Grails,Groovy,Spring Security,Csrf Protection,我是groovy新手,我以以下方式在grails中实现了CSRF令牌。 resource.groovy中添加了CSRF过滤器 csrfFilter(CsrfFilter, new HttpSessionCsrfTokenRepository()) { accessDeniedHandler = ref('fnAccessDeniedHandler') requireCsrfProtectionMatcher = ref('fnRequireCsrfProtecti
csrfFilter(CsrfFilter, new HttpSessionCsrfTokenRepository()) {
accessDeniedHandler = ref('fnAccessDeniedHandler')
requireCsrfProtectionMatcher = ref('fnRequireCsrfProtectionMatcher')
}
但我不知道如何初始化FnacessDeniedHandler和fnRequireCsrfProtectionMatcher。
提前谢谢 ref中的值必须是bean()。如果要覆盖accessDeniedHandler和requireCsrfProtectionMatcher,则需要创建自定义类,并在resources.groovy中创建bean。例如,要创建bean FnacessDeniedHandler,您可以执行以下操作 在resources.groovy中添加以下内容
fnAccessDeniedHandler(CustomAccessDeniedHandler)
并创建一个实现AccessDeniedHandler的类CustomAccessDeniedHandler
public class CustomAccessDeniedHandler implements AccessDeniedHandler {
public static final Logger LOG
= Logger.getLogger(CustomAccessDeniedHandler.class);
@Override
public void handle(
HttpServletRequest request,
HttpServletResponse response,
AccessDeniedException exc) throws IOException, ServletException {
Authentication auth
= SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
LOG.warn("User: " + auth.getName()
+ " attempted to access the protected URL: "
+ request.getRequestURI());
}
response.sendRedirect(request.getContextPath() + "/accessDenied");
}
}
只是为了指出您不必提供它们,您可以使用默认值