Grails 安全新手在这里。我正在浏览文档并尝试了这个。
成功登录后,即使填充了主体,为什么经过身份验证的用户为空。还有什么我需要做的吗?
class SecureController {
@Secured(['ROLE_ADMIN'])
def userInfo(){
if (isLoggedIn()){
//authenticatedUser is null though user is authenticated.
render authenticatedUser
//render principal
}
}
}
从文档
获取AuthenticatedUser
Loads the user domain class instance from the database that corresponds to the currently authenticated user, or null if not authenticated. This is the equivalent of adding a dependency injection for springSecurityService and calling PersonDomainClassName.get(springSecurityService.principal.id) (the typical way that this is often done).
最佳答案
您需要在 Controller 中注入(inject) springSecurityService
class SecureController {
def springSecurityService
@Secured(['ROLE_ADMIN'])
def userInfo(){
if (springSecurityService.isLoggedIn()){
//authenticatedUser is null though user is authenticated.
render authenticatedUser
//render principal
}
}
}
您还可以使用 springSecurityService.getCurrentUser() 检查您是否有有效的登录用户并呈现它。 spring security core documentation很清楚,看看吧!
关于grails - authenticatedUser 为 null 但原则不为 null,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25293757/