我在grails 2.4.4应用程序中使用spring-security-core 2.0-RC5。最近,我在应用程序中实现了以下过滤器,但是问题是,当SignupController请求即将到来时,由于springSecurityService注入(inject)而发生了错误(在注册的情况下,没有身份验证并且没有 session )。
因此,如何在不捕获注册请求的情况下将springSecurityService注入(inject)到我的过滤器中。
import com.services.portal.ProfileService;
import com.services.portal.SignupService;
import com.services.portal.UserSessionService;
import com.domain.auth.User;
import com.services.portal.FormProcessService;
import com.services.portal.ProfileService;
import com.services.portal.SignupService;
import com.services.portal.UserSessionService
import grails.plugin.springsecurity.SpringSecurityService;
import grails.plugin.springsecurity.annotation.Secured
import grails.plugin.springsecurity.ui.AbstractS2UiController;
import groovy.sql.Sql
class AuthFilters {
def springSecurityService
def filters = {
allExceptIndex(controller: 'login|signup|logout', invert: true) {
before = {
if(session["Username"] == null){
def Username = springSecurityService.getPrincipal().getUsername()
session["Username"] = Username
}
if(session["UserId"] == null){
String userId = springSecurityService.getPrincipal().getId()
session["UserId"] = userId
}
if(session["incomingIp"] == null){
def incomingIp = request.remoteHost
session["incomingIp"] = incomingIp
}
if(session["currUserRole"] == null){
def roles = springSecurityService.getPrincipal().getAuthorities()
roles = roles.toString().substring(1, roles.toString().length()-1)
session["currUserRole"] = roles
}
}
after = { Map model ->
}
afterView = { Exception e ->
}
}
}
}最佳答案
处理注册请求的 Controller 通过在操作前使用@Secured(['permitAll'])将其公开。
关于spring - 将springSecurityService注入(inject)到过滤器中会导致错误,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/43390062/