Grails Spring Security:在双重角色之间切换

Question

在我的项目中，某些用户具有双重角色，所以如果任何这样的用户登录，我如何让他在这两个角色之间切换，以便他可以执行该特定角色提供的某些操作。

我很欣赏一步一步的过程，因为我是Grails的新手。任何这样的在线文献与例子都是高度赞赏的。

更新：- WorkridersUser loadUserByUsername(String username，String roleName)抛出UsernameNotFoundException { // def conf = SpringSecurityUtils.securityConfig //类User =User

    SchemeUser.withTransaction { status ->

        SchemeUser user = SchemeUser.findByUsername(username) 
        if (!user){ throw new UsernameNotFoundException('User not found', username)}

        UserProfile userProfile = UserProfile.findByEmail(user.username)
        Representative representative = Representative.findByUser(user)
        Organization organization = Organization.get(representative.organization.id)


        def authorities = user.authorities.collect {new GrantedAuthorityImpl(it.authority)}

        return new WorkridersUser(user.username, user.password, user.enabled, 
            !user.accountExpired, !user.passwordExpired, !user.accountLocked, 
            authorities ?: roleName, user.id, organization.companyName,userProfile) 
    } 
}

谢谢

Sri

Answer 1

您需要覆盖loadUserByUsername方法，如下所示：

UserDetails loadUserByUsername(String username, String selectedRole) {
  // current selected role is stored in the member variable of the UserDetail class         
  this.selectedRole = selectedRole
  return loadUserByUsername(username)
}

要在选择框中显示当前用户的所有角色，请编写自己的标记库，如下所示：

def authorities = springSecurityService.principal.originalAuthorities
if (authorities.size() > 1) {
    out << "<form name='switchRoleForm' action='switchRole' method='post'>"
    out << "<select name='roles'>"
    Role tmpRole
    authorities.each {
        tmpRole = Role.findByAuthority(it.authority)
        // access your current select role
            if (springSecurityService.principal.selectedRole== it.authority)
            out << "<option selected value='${it.authority}'>${tmpRole.name}</option>"
        else
            out << "<option value='${it.authority}'>${tmpRole.name}</option>"
    }
    out << "</select>"
    out << '<input class="switch" type="submit" value="switch"/></span>'
    out << "</form>"        
}

我在上一篇文章中描述了开关逻辑。

Answer 2

首先，您必须实现自己的user details类和服务。http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/index.html。在您自己的UserDetailsService中，您可以激活loadUserByUsername方法中的authorities属性，以便该属性同时只包含一个角色。然后，您可以通过再次修改此属性来在角色之间切换。例如

// imagine the following code would be in your switch controller action
// fetch your user detail service bean (registered via resources.groovy and not as a service)
UserDetailsService userDetailsService = grailsApplication.mainContext.getBean("userDetailsService");
UserCache userCache = grailsApplication.mainContext.getBean("userCache");
// update authorities in user details. only one role should exists in authorities list
UserDetails userDetails = userDetailsService.loadUserByUsername(springSecurityService.principal.username, <place here the rolel to switch>);
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),userDetails.getAuthorities()));
// refresh user detail
userCache.removeUserFromCache(springSecurityService.principal.username);