主要涉及两个事件类:AbstractAuthenticationEvent和AbstractAuthorizationEvent
事件通知
1. 注册事件监听器,添加感兴趣的事件,这样当相关事件类及其子类发生时,会接到通知。
MySecurityEventListener.groovy
package com.foo.bar
import org.springframework.context.ApplicationListener
import org.springframework.security.authentication.event.AuthenticationSuccessEvent
class MySecurityEventListener
implements ApplicationListener<AuthenticationSuccessEvent> {
void onApplicationEvent(AuthenticationSuccessEvent event) {
// handle the event
}
}
//grails-app/conf/spring/resources.groovy
import com.foo.bar.MySecurityEventListener
beans = {
mySecurityEventListener(MySecurityEventListener)
}
2.在grails-app/conf/application.groovy中添加一个或多个回调闭包,利用grails.plugin.springsecurity.SecurityEventListener来为你过滤事件。
//applilcation.groovy
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onInteractiveAuthenticationSuccessEvent = { e, appCtx ->
// handle InteractiveAuthenticationSuccessEvent
}
grails.plugin.springsecurity.onAbstractAuthenticationFailureEvent = { e, appCtx ->
// handle AbstractAuthenticationFailureEvent
}
grails.plugin.springsecurity.onAuthenticationSuccessEvent = { e, appCtx ->
// handle AuthenticationSuccessEvent
}
grails.plugin.springsecurity.onAuthenticationSwitchUserEvent = { e, appCtx ->
// handle AuthenticationSwitchUserEvent
}
grails.plugin.springsecurity.onAuthorizationEvent = { e, appCtx ->
// handle AuthorizationEvent
}
Spring Security使用AuthenticationEventPublisher来产生事件,使用ApplicationEventPublisher来激活事件。默认是没有事件会被激活的,因为AuthenticationEventPublisher使用的实例是grails.plugin.springsecurity.authentication.NullAuthenticationEventPublisher。但是可以在grails-app/conf/application.groovy中添加
grails.plugin.springsecurity.useSecurityEventListener = true
激活事件。
Exception | Event |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
可以通过在grails-app/conf/application.groovy中添加
grails.plugin.springsecurity.dao.hideUserNotFoundExceptions = false
使SpringSecurity抛出原始的UsernameNotFoundException而不是BadCredentialsException.
最后欢迎大家访问我的个人网站:1024s