
grails - Grails Spring Security

Reposted. Author: 行者123. Updated: 2023-12-02 15:41:06

I'm trying to create a login page that logs the user in to a specific account depending on their role, but for some reason Spring Security never reassigns the username and password.

Here is the LoginController:

    package login_page

    import grails.plugin.springsecurity.userdetails.DefaultPostAuthenticationChecks
    import org.springframework.security.access.annotation.Secured

    @Secured('permitAll')
    class LoginController extends grails.plugin.springsecurity.LoginController {
        PersonService personService

        def index() {
            // 'conf' resolves to the plugin's getConf() through Groovy property access
            if (isLoggedIn()) {
                redirect uri: conf.successHandler.defaultTargetUrl
            }
            else {
                redirect action: 'auth', params: params
            }
        }

        def auth() {

            def conf = getConf()

            if (isLoggedIn()) {
                redirect uri: conf.successHandler.defaultTargetUrl
                return
            }

            // The form posts to the plugin's authentication filter URL (default /login/authenticate)
            String postUrl = request.contextPath + conf.apf.filterProcessesUrl
            render view: 'index', model: [postUrl: postUrl,
                                          rememberMeParameter: conf.rememberMe.parameter,
                                          usernameParameter: conf.apf.usernameParameter,
                                          passwordParameter: conf.apf.passwordParameter,
            ]
        }

    }

The success URI is /person/LoginPage

and the LoginPage method is this:

    @Secured(['ROLE_USER','ROLE_ADMIN','ROLE_SUPERADMIN'])
    def LoginPage() {
        refreshCurrentUser()
        if (currentPerson == null) {
            notFound()
        } else {
            // Only the first granted authority is inspected; the redirect target
            // therefore depends on the iteration order of the authorities collection.
            String firstRole = currentPerson.getAuthorities()[0].getAuthority()
            if (firstRole == "ROLE_SUPERADMIN") {
                redirect(controller: 'superAdmin', action: 'superAdminShow', id: currentPerson.id)
            }
            else if (firstRole == "ROLE_ADMIN") {
                redirect(controller: 'admin', action: 'adminShow', id: currentPerson.id)
            }
            else if (firstRole == "ROLE_USER") {
                redirect(action: 'show', id: currentPerson.id)
            }
        }
    }
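One way to drive the post-login redirect from the user's full set of authorities rather than from `getAuthorities()[0]`, as an added example that is not part of the question and not code from the grails-spring-security-core plugin: a success handler that ranks the roles named in the question by privilege and sends the user to the page for the highest one they hold. It assumes Spring Security's `SavedRequestAwareAuthenticationSuccessHandler` on the javax servlet API (Grails 4/5), a principal that exposes an `id` property (the plugin's `GrailsUser` does), and the controller and action names from the question; the class name `RoleBasedSuccessHandler` and the `landingPath` helper are hypothetical.

```groovy
// Added example, not part of the question or of grails-spring-security-core.
package login_page

import org.springframework.security.core.Authentication
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

class RoleBasedSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Highest privilege first. The first match wins, so a user who holds both
    // ROLE_ADMIN and ROLE_USER always lands on the admin page, whatever order
    // the authorities collection happens to iterate in.
    static final List<String> PRECEDENCE = ['ROLE_SUPERADMIN', 'ROLE_ADMIN', 'ROLE_USER']

    // Pure function: unit-testable without a servlet container.
    // Paths are the Grails defaults for the controller/action pairs in the question.
    static String landingPath(Collection<String> roles, Object personId) {
        String top = PRECEDENCE.find { it in roles }
        switch (top) {
            case 'ROLE_SUPERADMIN': return "/superAdmin/superAdminShow/${personId}"
            case 'ROLE_ADMIN':      return "/admin/adminShow/${personId}"
            case 'ROLE_USER':       return "/person/show/${personId}"
            default:                return null   // no recognised role: let the caller decide
        }
    }

    @Override
    void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                 Authentication authentication) {
        Set<String> roles = authentication.authorities*.authority as Set
        // Assumption: the principal exposes the person id (GrailsUser has an 'id' property).
        Object personId = authentication.principal.id
        String target = landingPath(roles, personId)
        if (target == null) {
            // No role we know how to route: fall back to the plugin's normal behaviour
            // (saved request, then defaultTargetUrl).
            super.onAuthenticationSuccess(request, response, authentication)
            return
        }
        clearAuthenticationAttributes(request)
        getRedirectStrategy().sendRedirect(request, response, request.contextPath + target)
    }
}
```

Register it in `grails-app/conf/spring/resources.groovy` as the `authenticationSuccessHandler` bean (with `requestCache = ref('requestCache')` and a `defaultTargetUrl`), which replaces the plugin's default handler; the `LoginPage` action is then no longer needed. The redirect is only a convenience: the `@Secured` annotations on `superAdminShow`, `adminShow` and `show` remain the actual authorization boundary, so a user who edits the URL after login still reaches only the pages their roles allow.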

Best Answer

This is a very simple security configuration I put together on the fly (for a reactive Java REST API) for a silly demo. I'm by no means a security expert, but it can give you an idea of what is involved.

    import org.springframework.context.annotation.Configuration;
    import org.springframework.data.redis.core.RedisTemplate;

    import XXXXXXXX.Permissions;
    import XXXXXXXXX.UserPermissions;

    import java.util.concurrent.CompletableFuture;
    import java.util.concurrent.TimeUnit;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.ReactiveAuthenticationManager;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.authorization.AuthorizationDecision;
    import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
    import org.springframework.security.config.web.server.ServerHttpSecurity;
    import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.server.SecurityWebFilterChain;
    import org.springframework.security.web.server.authorization.AuthorizationContext;
    import reactor.core.publisher.Mono;


    @Configuration
    @EnableWebFluxSecurity
    public class ApiSecurityConfiguration implements ReactiveAuthenticationManager {

        @Autowired
        Permissions permissions;
        @Autowired
        RedisTemplate<String, Object> redisCache;

        private static final Logger logger = LoggerFactory.getLogger(ApiSecurityConfiguration.class);

        @Bean
        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
            AuthorizeExchangeSpec authorize;
            http.formLogin().disable();
            http.csrf().disable();
            http.logout().disable();
            // HTTP Basic is the only entry point; every credential goes through authenticate() below.
            http.httpBasic().authenticationManager(this::authenticate);
            authorize = http.authorizeExchange();
            // Every exchange, whatever the path, is decided by check().
            authorize.anyExchange().access(this::check);

            return http.build();
        }

        private Mono<AuthorizationDecision> check(Mono<Authentication> authentication, AuthorizationContext context) {
            // An empty Mono (no Authentication in the context) is treated as denied by Spring Security.
            return authentication
                    .map(a -> this.checkAuthorizations(a, context))
                    .map(AuthorizationDecision::new);
        }

        private boolean checkAuthorizations(Authentication a, AuthorizationContext context) {
            boolean ret = false;
            String name = a.getName();
            if (a.isAuthenticated()) {
                // Look up the caller's own permission table by name. Keeping it in a field of this
                // singleton bean would let concurrent requests read another user's permissions.
                UserPermissions table = (UserPermissions) redisCache.opsForValue().get(name);
                if (table != null) {
                    logger.info(String.format("FOUND %s, authorizing...", name));
                    ret = table.canAccess("XXXX",
                            context.getExchange().getRequest().getPath().value(),
                            context.getExchange().getRequest().getMethodValue());
                }
                logger.info(String.format("%s access granted: %B", name, ret));
            }
            return ret;
        }

        @Override
        public Mono<Authentication> authenticate(Authentication authentication) {
            CompletableFuture<UserPermissions> cup;
            UserPermissions userPermissionTable;
            String name = null;

            try {
                name = authentication.getName();
                logger.info(String.format("Looking %s in cache...", name));
                userPermissionTable = (UserPermissions) redisCache.opsForValue().get(name);
                if (userPermissionTable == null) {
                    logger.info(String.format("NOT in cache, authenticating: %s ...", name));
                    // Blocking call inside a reactive manager, bounded by the 1 s timeout.
                    cup = permissions.getPermissionsForUser(name, authentication.getCredentials().toString());
                    userPermissionTable = cup.get(1000, TimeUnit.MILLISECONDS);
                    redisCache.opsForValue().set(name, userPermissionTable, userPermissionTable.getTTL(), TimeUnit.MINUTES);
                    logger.info(String.format("Authenticated: %s", name));
                }
                else {
                    // Caveat: a cache hit is taken as proof of identity, so the password is only
                    // verified on the first request within the TTL; every later request for this
                    // user name is accepted with any credential until the entry expires.
                    redisCache.expire(name, userPermissionTable.getTTL(), TimeUnit.MINUTES);
                }
            } catch (Exception e) {
                logger.info(String.format("FAILED to authenticate: %s", name));
                // Fail closed: an error signal makes the filter reject the request instead of
                // passing an unauthenticated token further down the chain.
                return Mono.error(new BadCredentialsException("Authentication failed for " + name, e));
            }
            // The three-argument constructor marks the token as authenticated.
            return Mono.just(new UsernamePasswordAuthenticationToken(
                    authentication.getPrincipal(), authentication.getCredentials(), null));
        }
    }

For grails - Grails Spring Security, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60778964/
