我在grails 2.4.4应用程序中使用spring-security-core 2.0-RC5。最近我在我的应用程序中实现了以下过滤器,但问题是当SignupController请求到来时,由于springSecurityService注入而发生错误(在注册的情况下没有身份验证和没有会话)。
那么如何在我的过滤器中注入springSecurityService而不会捕获注册请求。
import com.services.portal.ProfileService;
import com.services.portal.SignupService;
import com.services.portal.UserSessionService;
import com.domain.auth.User;
import com.services.portal.FormProcessService;
import com.services.portal.ProfileService;
import com.services.portal.SignupService;
import com.services.portal.UserSessionService
import grails.plugin.springsecurity.SpringSecurityService;
import grails.plugin.springsecurity.annotation.Secured
import grails.plugin.springsecurity.ui.AbstractS2UiController;
import groovy.sql.Sql
class AuthFilters {
def springSecurityService
def filters = {
allExceptIndex(controller: 'login|signup|logout', invert: true) {
before = {
if(session["Username"] == null){
def Username = springSecurityService.getPrincipal().getUsername()
session["Username"] = Username
}
if(session["UserId"] == null){
String userId = springSecurityService.getPrincipal().getId()
session["UserId"] = userId
}
if(session["incomingIp"] == null){
def incomingIp = request.remoteHost
session["incomingIp"] = incomingIp
}
if(session["currUserRole"] == null){
def roles = springSecurityService.getPrincipal().getAuthorities()
roles = roles.toString().substring(1, roles.toString().length()-1)
session["currUserRole"] = roles
}
}
after = { Map model ->
}
afterView = { Exception e ->
}
}
}
}
答案 0 :(得分:0)
处理注册请求的控制器在操作前使用@Secured(['permitAll'])将其公开。