Grails简单注册/登录表格

Question

我创建了全新的Grails项目，然后使用grails s2-quickstart命令获取LoginController和User/UserRole类。一切工作正常，我有一个登录页面。然后，我通过选择“生成控制器和视图”在GTS中创建用户控制器。产生的UserController的如下所示：

import static org.springframework.http.HttpStatus.* 
import grails.transaction.Transactional 

@Transactional(readOnly = true) 
class UserController { 

static allowedMethods = [save: "POST", update: "PUT", delete: "DELETE"] 

def index(Integer max) { 
    params.max = Math.min(max ?: 10, 100) 
    respond User.list(params), model:[userInstanceCount: User.count()] 
} 

def show(User userInstance) { 
    respond userInstance 
} 

def create() { 
    respond new User(params) 
} 

@Transactional 
def save(User userInstance) { 
    if (userInstance == null) { 
     notFound() 
     return 
    } 

    if (userInstance.hasErrors()) { 
     respond userInstance.errors, view:'create' 
     return 
    } 

    userInstance.save flush:true 

    request.withFormat { 
     form multipartForm { 
      flash.message = message(code: 'default.created.message', args: [message(code: 'user.label', default: 'User'), userInstance.id]) 
      redirect userInstance 
     } 
     '*' { respond userInstance, [status: CREATED] } 
    } 
} 

def edit(User userInstance) { 
    respond userInstance 
} 

@Transactional 
def update(User userInstance) { 
    if (userInstance == null) { 
     notFound() 
     return 
    } 

    if (userInstance.hasErrors()) { 
     respond userInstance.errors, view:'edit' 
     return 
    } 

    userInstance.save flush:true 

    request.withFormat { 
     form multipartForm { 
      flash.message = message(code: 'default.updated.message', args: [message(code: 'User.label', default: 'User'), userInstance.id]) 
      redirect userInstance 
     } 
     '*'{ respond userInstance, [status: OK] } 
    } 
} 

@Transactional 
def delete(User userInstance) { 

    if (userInstance == null) { 
     notFound() 
     return 
    } 

    userInstance.delete flush:true 

    request.withFormat { 
     form multipartForm { 
      flash.message = message(code: 'default.deleted.message', args: [message(code: 'User.label', default: 'User'), userInstance.id]) 
      redirect action:"index", method:"GET" 
     } 
     '*'{ render status: NO_CONTENT } 
    } 
} 

protected void notFound() { 
    request.withFormat { 
     form multipartForm { 
      flash.message = message(code: 'default.not.found.message', args: [message(code: 'user.label', default: 'User'), params.id]) 
      redirect action: "index", method: "GET" 
     } 
     '*'{ render status: NOT_FOUND } 
    } 
} 

}

现在，当我想去/用户/索引页转发我到登录页面... 如何改变这种状况？如果这个问题很微不足道，我对于Grails来说是全新的。

Answer 1

您需要通过在配置文件中指定spring security controller注释静态规则或在控制器上使用Secured注释来为特定角色提供对用户/索引的访问。

参考：http://grails-plugins.github.io/grails-spring-security-core/v3/index.html#secured-annotation

http://grails-plugins.github.io/grails-spring-security-core/v3/index.html#pessimistic-lockdown