springSecurityService和參數在會話中設置

Question

我試圖根據自己的需要調整springSecurity插件，所以當用戶進行身份驗證時，必須檢查一個密鑰對用戶有效，然後存儲在用戶會話中（用戶可以有幾個鍵）。

形式登錄：

<form action='${request.contextPath}/j_spring_security_check' method='POST' id='loginForm' name='loginForm' controller="login" onLoading="showSpinner();" onComplete="hideSpinner();" class="form-horizontal" autocomplete='off'> 
        <g:if test='${flash.msg}'><div class='errors_pw3'><g:message code="default.message.login"/> </div><br/></g:if> 
        <div class="control-group" style="margin-left:80px;"> 
         <label class="control-label" for='j_datastore'><g:message code="label.datastore" default="Key:" /></label> 
          <div class="controls"> 
          <input type='text' name='key' id='key' value='${session.user.key}' class="span7"/> 
         </div> 
       </div> 
       <div class="control-group" style="margin-left:80px;"> 
        <label class="control-label" for='j_username'><g:message code="label.ubistoreid" /></label> 
        <div class="controls"> 
         <input type='text' name='j_username' id='username' value='${request.remoteUser}' class="span7"/> 
        </div> 
       </div> 
       <div class="control-group" style="margin-left:80px;"> 
        <label class="control-label" for='j_password'><g:message code="label.password" /></label> 
        <div class="controls"> 
         <input type='password' name='j_password' id='password' class="span7"/> 
        </div> 
       </div> 

登錄控制器：

def auth = { 
    def config = SpringSecurityUtils.securityConfig 
    def principal = springSecurityService.principal 
    // Store key in the session 
    session.setAttribute("KEY",params.key) 
    println params.key + "*******" 
    println params.params + "-----" 
    if (springSecurityService.isLoggedIn()) { 
     redirect uri:'/secure' 
    } 
    else if (params["login_error"]) { 
     if(request.getParameterValues('login_error')[0] == '1') { 
      flash.msg = "User or password invalid !" 
     } 
    } 
    String view = 'index' 
    String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}" 
    render view: view, model: [postUrl: postUrl,rememberMeParameter: config.rememberMe.parameter,params:params] 
} 

】這個params不傳遞到會話

請，如何修改springSecurityService到： 1）檢查密鑰條目是否授權給用戶？ （用戶域類包含一個set<Key> keys條目以授權密鑰列表）

2）後來在用戶的會話中使用它（一旦被驗證）

Answer 1

基本上，我已經實現了一個customRedirect戰略。它的工作原理，但我需要一個建議來檢查當前用戶的密鑰對象的有效性後自定義響應;

import javax.servlet.http.HttpServletRequest 
import javax.servlet.http.HttpServletResponse 
import org.apache.commons.lang.StringUtils 
import org.springframework.security.web.DefaultRedirectStrategy 

public class CustomRedirectStrategy extends DefaultRedirectStrategy { 

    static final String adminFailureUrl='/console/index' 
    static final String customerFailureUrl='/login/auth' 
    HttpServletRequest request 
    HttpServletResponse response 
    String url 
    String redirectUrl 

    @Override 
    public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException { 
     def key = request.getParameter("j_key") 
     if(key) { 
      // TODO: process key validation 
      request.session['KEY'] = key 
      def ds = DataStore.findByKeyname(key) 
      if(ds) { 
       request.session['DS'] = ds 
      } 
      log.debug '--------------------' 
      log.debug 'Used Key:'+ key 
      log.debug '--------------------' 
     } else { 
      log.debug '--------------------' 
      log.debug 'No key defined' 
      log.debug '--------------------' 
     } 

     if(request.getParameter('asAdmin') == 'true') { 
      redirectUrl = calculateAdminRedirectUrl(request); 
     } 
     else if (request.getParameter('asUser') == 'true') { 
      redirectUrl = calculateUserRedirectUrl(request); 
     } 
     redirectUrl = response.encodeRedirectURL(redirectUrl); 
     response.sendRedirect(redirectUrl); 
    } 

    private String calculateAdminRedirectUrl(final HttpServletRequest request) { 
     return request.getContextPath() + adminFailureUrl + "?login_error=1"; 
    } 

    private String calculateUserRedirectUrl(final HttpServletRequest request) { 
     return request.getContextPath() + customerFailureUrl + "?login_error=1"; 
    } 
}