Grails的Spring Security的默认配置：如何定义默认的用户名和密码

Question

在纯春天，我可以这样做

<security:authentication-manager> 
<security:authentication-provider user-service-ref="customUserDetailsService">  
    <security:password-encoder ref="passwordEncoder"/> 
</security:authentication-provider> 
<security:authentication-provider> 
    <security:user-service> 
     <security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /> 
    </security:user-service> 

它是没有办法做到在Grails中同样使用Spring Security插件？

我可以实现我自己的身份验证 - 提供，但在这种情况下，我将存储硬编码类的凭据。

Answer 1

通常这在BootStrap.groovy，例如，

import com.foo.Role 
import com.foo.User 
import com.foo.UserRole 

class BootStrap { 

    def init = { 
     def userRole = Role.findOrSaveByAuthority('ROLE_USER') 
     def adminRole = Role.findOrSaveByAuthority('ROLE_ADMIN') 

     if (!User.findByUsername('admin')) { 
     def admin = new User(username: 'admin', password: 'admin').save() 

     UserRole.create admin, userRole 
     UserRole.create admin, adminRole 

     User.withSession { it.flush() } 
     } 
    } 
} 

Answer 2

您可以通过使用InMemoryUserDetailsManager（在resources.groovy）做到这一点：

import org.springframework.security.provisioning.InMemoryUserDetailsManager 
import org.springframework.security.core.userdetails.User 
import org.springframework.security.core.authority.SimpleGrantedAuthority 

beans = { 
    userDetailsService(InMemoryUserDetailsManager, 
      [new User('admin', 'password hash', [new SimpleGrantedAuthority('ROLE_ADMIN')])]) 
} 

Answer 3

您可以使用的Grails提供这些自定义标签春天的安全性。

<sec:ifLoggedIn> 
<li><a><sec:username /></a></li> 
<li><g:link controller="logout">Logout</g:link></li> 
</sec:ifLoggedIn> 
<sec:ifNotLoggedIn> 
<li><g:link controller='controller' action='action'>Login</g:link></li> 
<li><g:link controller="controller" action="action">Signup</g:link></li> 
</sec:ifNotLoggedIn>