Grails with SpringSecurity, check if the current user can access controller / action

前端 未结 8 2277
轮回少年
轮回少年 2021-02-15 13:57

I\'m currently developing a menu for my application that should be able to display only the controllers that the current user can access (requestmap defined in the database).

8条回答
  •  借酒劲吻你
    2021-02-15 14:16

    As far as I can tell, there doesn't look like there's an easy way to do it.

    You can inject an instance of the grails AuthenticatedVetoableDecisionManager which is a concrete class of spring's AbstractAccessDecisionManager by doing this:

    def accessDecisionManager
    

    This has a "decide" method on it that takes 3 parameters

    decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
    

    This is probably the method that you'd need to call and pass in the right things to figure out if the user with the auth creds can access that "object" (which looks like it's normally a request/response). Some additional digging around might prove out something workable here.

    Short term, it's probably easier to use the ifAnyGranted taglib as another poster mentions.

提交回复
热议问题