Grails with SpringSecurity, check if the current user can access controller / action

前端未结

关注

 8  2294

轮回少年 2021-02-15 13:57

I\'m currently developing a menu for my application that should be able to display only the controllers that the current user can access (requestmap defined in the database).

8条回答

旧时难觅i (楼主)

2021-02-15 14:01

You have to configure the file config/SecurityConfig.groovy (if it does not exists, create it, this overrides the default Security Configuration)

Add this entry:

requestMapString = """\
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /=IS_AUTHENTICATED_REMEMBERED
            /login/auth=IS_AUTHENTICATED_ANONYMOUSLY
            /login/authajax=IS_AUTHENTICATED_ANONYMOUSLY
            /login/authfail=IS_AUTHENTICATED_ANONYMOUSLY 
            /js/**=IS_AUTHENTICATED_ANONYMOUSLY
            /css/**=IS_AUTHENTICATED_ANONYMOUSLY
            /images/**=IS_AUTHENTICATED_ANONYMOUSLY
            /plugins/**=IS_AUTHENTICATED_ANONYMOUSLY
            /**=IS_AUTHENTICATED_REMEMBERED
          """

This is means that you have to log in to enter the site. But all the resources (css, js, images, etc) is accessed without authentification.

If you want specific role only enter specific controller: For example, for UserController:

    /user/**=ROLE_ADMIN
    /role/**=ROLE_ADMIN

For more information: http://www.grails.org/AcegiSecurity+Plugin+-+Securing+URLs

Regards

0 讨论(0)

查看其它8个回答