How to use Grails Spring Security Plugin to require logging in before access an action?
Posted
by
Hoàng Long
on Stack Overflow
See other posts from Stack Overflow
or by Hoàng Long
Published on 2011-01-18T03:46:05Z
Indexed on
2011/01/18
3:53 UTC
Read the original article
Hit count: 265
Hi all,
I know that I can use annotation or Request mapping to restrict access to an ACTION by some specific ROLES. But now I have a different circumstance.
My scenario is: every user of my site can create posts, and they can make their own post public, private, or only share to some other users. I implement sharing post by a database table PERMISSION, which specify if a user have the right to view a post or not.
The problem arises here is that when a customer access a post through a direct link, how can I determine he/she have the privilege to view it? There's 3 circumstances:
- The post is public, so it can be viewed by anyone (include not-login user)
- The post is private, so only the login-owner can view it
- The post is sharing, it means only the login-user that is shared and the owner can view it.
I want to process like this:
- If the requested post is public: ok.
- If the requested post is private/sharing: I want to redirect the customer to the login page; after logging in, the user will be re-direct to the page he wants to see.
The problem here is that I can redirect the user to login controller/ auth action, but after that I don't know how to redirect it back. The link to every post is different by post_id, so I can't use SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
Could anyone know a way to do this?
© Stack Overflow or respective owner