grails - 切换用户正在重定向到 grails 中登录控制器的身份验证方法
问题描述
我正在研究 grails 项目,在该项目中,我目前正在遵循这种身份验证方式用户输入凭据-> 它进入 auth Success 处理程序
班级
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
final Authentication authentication) throws ServletException, IOException {
SavedRequest savedRequest = requestCache?.getRequest(request, response)
println "Inside onAuthenticationSuccess"
def goAdmin = false
def goStore = false
authentication.authorities.each { ga ->
if (ga.authority.equals(AdminUserRole.ROLE_SUPER_ADMIN.toString()) || ga.authority.equals(AdminUserRole.ROLE_MERCHCENTER_ACCOUNTANT.toString()) || ga.authority.equals(AdminUserRole.ROLE_MERCHCENTER_CUSTOMER_ADMIN.toString()) || ga.authority.equals(AdminUserRole.ROLE_MERCHCENTER_SHIPPING.toString()) || ga.authority.equals(AdminUserRole.ROLE_MERCHCENTER_SALES.toString()) || ga.authority.equals(AdminUserRole.ROLE_MERCHCENTER_CUSTOMER_READ.toString())) {
goAdmin = true
}
}
def url = AppUtil.findStoreUrl(request)
println(">>>>>///////////////////////////////////////>>>>>")
println(">>>>>/////AuthSuccessHandler////>>>>> URL: ${url}, USERNAME: ${authentication?.principal?.username}")
//SwitchUser switchUser = null;
//TODO need to be abstracted in a better way
if (SpringSecurityUtils.isSwitched()) {
// def ctx = SCH.servletContext.getAttribute(GA.APPLICATION_CONTEXT)
// UserService userService = ctx.userService
goStore = true
// switchUser = userService.saveSwitchUser(SpringSecurityUtils.getSwitchedUserOriginalUsername(), request.session.switched_user_id as Integer, AppUtil.getBackendUrl() + AppUtil.getServerPortWithContext(request) + request.session?.orignal_url)
// url = request.session?.switchUrl
}
if (url) {
goStore = true
}
String requestedUrl = savedRequest?.getRedirectUrl()
if (goAdmin) {
if (requestedUrl && requestedUrl != "null") {
getRedirectStrategy().sendRedirect(request, response, requestedUrl)
} else {
println(">>>>>/////AuthSuccessHandler////>>>>> GOTO-ADMIN")
response.sendRedirect(request.contextPath + '/')
}
} else if (goStore) {
if (SpringSecurityUtils.isSwitched()) {
request.session.removeAttribute('switchUrl')
request.session.removeAttribute('orignal_url')
request.session.removeAttribute('merchCenter_id')
// response.sendRedirect(request.scheme + "://" + url + AppUtil.getSubUrlOfFrontend(request) + AppUtil.getServerPortWithContext(request) + '/postSwitchPreFrontend?switchId=' + switchUser?.id)
} else if (requestedUrl && requestedUrl != "null") {
getRedirectStrategy().sendRedirect(request, response, requestedUrl)
} else {
println(">>>>>/////wAuthSuccessHandler////>>>>> GOTO-STORE")
//TODO need to check before deployemnt and integrate in postSwitchPreFrontend action
response.sendRedirect(request.contextPath + '/' + request.session["slugName"] + '/myAccount')
}
} else {
println(">>>>>/////AuthSuccessHandler////>>>>> GOTO-ADMIN: ${goAdmin} |OR| GOTO-STORE: ${goStore}")
super.onAuthenticationSuccess(request, response, authentication)
}
}
我评论了切换用户逻辑,因为如果有人单击我的切换用户按钮它不起作用,那么它应该进入 onAuthenticationSuccess 然后我坚持切换用户详细信息
但是在单击切换用户后,它会跳过 SuccessHandlerCode
然后在 LoginController 我定义我的身份验证方法
def auth() {
def config = SpringSecurityUtils.securityConfig
if (params?.switchId) {
SwitchUser switchUser = SwitchUser.findById(params?.switchId as Long)
String url = switchUser.preSwitchUrl
User user = User.findByUsername(switchUser.main_username)
myUserDetailsService.programmticallyLoginForSpringScurity(user)
response.sendRedirect(url)
return
}
}
这是我的 resources.groovy 文件
在我的 application.groovy
grails.plugin.springsecurity.useSwitchUserFilter = true
在静态规则中
[模式:'/login/impersonate',访问:['permitAll']],[模式:'/logout/impersonate',访问:['permitAll']]
解决方案
推荐阅读
- python - 将时间戳列更改为小时
- linux - .Net `CharUnicodeInfo` 类的 Linux C 库等价物是什么
- java - swagger-maven-plugin 不生成键和值,导致“空”swagger.json
- php - 如何在 >php7.1 中将类名转换为未实例化的类
- sql - 以 12 个月滚动的方式遍历客户,并检查客户在过去 12 个月内是否未订购
- python - python中的initialize()和__init__()方法有什么区别?
- ruby-on-rails - 过滤器/回调是否值得关注
- python - 根据另一列的日期顺序创建另一列
- docker - 如何使用 gitlab CI 和 portainer 部署 docker 镜像
- java - 外键/JoinColumn 值错误地始终为空