当授权失败时，自定义Spring Security呈现页面，Grails

Question

例如，我有一个gsp-pages，我想通过Grails中的Spring Security授权失败时呈现。目前我想要处理两个失败的原因：

1) Password and login combination is incorrect
2) User have not neccessary permissions to view page

怎么做？

这是我的LoginController：

@Secured(['permitAll'])
class LoginController {
    def auth() { 
        render (view:'auth.gsp')
    }
}

这是gsp-page中的授权表格：

<form class="form-signin" action='/restorator/j_spring_security_check' method='POST' id='loginForm'>
        <h2 class="form-signin-heading">Login</h2>
        <div class="text-left">
            <small>Login</small>
        </div>        
        <label for="username" class="sr-only">Login</os-p></label>
        <input id="username" name='j_username' class="form-control" placeholder="Login" required="" autofocus="" type="text">
        <div class="text-left">
            <small>Password</small>
        </div>
        <label for="password" class="sr-only">Password</label>
        <input id="password" class="form-control" name='j_password' data-translatable-string="Password" type="password">
        <div class="checkbox">
          <label data-replace-tmp-key="2c2fb6d9630510f8721fb57d8c90d50c"><os-p key="2c2fb6d9630510f8721fb57d8c90d50c"><input value="remember-me" type="checkbox" class='chk' name='_spring_security_remember_me' id='remember_me'>Remember me</os-p></label>
        </div>
        <button class="btn btn-lg btn-primary btn-block" type="submit"  id="submit" >Enter</button>
</form>

Spring Security配置：

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'restorator.auth.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'restorator.auth.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'restorator.auth.Authority'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/assets/**':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/fonts/**':                   ['permitAll'],
    '/**/favicon.ico':                ['permitAll'],
    '/startPage':                     ['permitAll'],
    '/dbconsole/**':                  ['permitAll'],
    '/publicCafeeView':               ['permitAll'],
    '/publicCafeeInfo':               ['permitAll']
]

Answer 1

您的配置中缺少

3行：

1. 验证失败（登录）：

  

grails.plugin.springsecurity.failureHandler.defaultFailureUrl =＆＃39; / login？loginError = true＆＃39;

1. 错误的授权（错误的权限）：

  

grails.plugin.springsecurity.adh.errorPage =＆＃39; / login / denied＆＃39;    grails.plugin.springsecurity.adh.ajaxErrorPage =＆＃39; / login / denied＆＃39;

这两行是默认映射。你可以简单地把你的'dengs.gsp＆＃39;进入/login目录，它将自动被选中