Grails指南41安全相关

<input name="comment.message" value="${comment.message.encodeAsHTML()}"/>

<a href="/mycontroller/find?searchKey=${lastSearch.encodeAsURL()}">

Repeat last search

</a>

Your registration code is: ${user.registrationCode.encodeAsBase64()}

${render(template: "/common/message").encodeAsJavaScript()}

Selected colour: #${[255,127,255].encodeAsHex()}

Your API Key: ${user.uniqueID.encodeAsMD5()}

byte[] passwordHash = params.password.encodeAsMD5Bytes()

Your API Key: ${user.uniqueID.encodeAsSHA1()}

byte[] passwordHash = params.password.encodeAsSHA1Bytes()

Your API Key: ${user.uniqueID.encodeAsSHA256()}

byte[] passwordHash = params.password.encodeAsSHA256Bytes()

############

简单身份验证（Authentication）

创建拦截器（Interceptor）：

grails create-interceptor security

生成：

grails-app/controllers/SecurityInterceptor.groovy

拦截器的实现：

class SecurityInterceptor {

SecurityInterceptor() {

matchAll()

.except(controller:'user', action:'login') //排出用户登录方法

}

boolean before() {

if (!session.user && actionName != "login") { //如果用户没有登录且方法action不是login，则返回登录页面

redirect(controller: "user", action: "login")

return false

}

return true

}

}

登录方法的实现：

def login() {

if (request.get) {

return // 显示登录页面

}

def u = User.findByLogin(params.login)

if (u) {

if (u.password == params.password) {

session.user = u

redirect(action: "home") //调转到首页

}

else {

render(view: "login", model: [message: "Password incorrect"])

}

}

else {

render(view: "login", model: [message: "User not found"])

}

}