关于grails 2.4.3项目我正在使用Spring Security Core插件(2.0RC4)和另一个插件调用Feature Flipping。
我的所有控制器都已正确保护,身份验证正常运行。
“功能翻转”插件会显示/admin/feature URI,允许用户切换网络。
我尝试配置静态规则以仅允许ROLE_ADMIN个用户访问此资源,但我仍然收到“拒绝访问”错误。
有什么想法吗?
我的staticRules:
'/admin/**': ['ROLE_ADMIN']
SpringSecurity调试日志:
2014-10-28 17:15:47,805 [http-bio-8080-exec-4] DEBUG matcher.AntPathRequestMatcher - Request '/admin/features' matched by universal pattern '/**'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@2116e65: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@2116e65: Principal: [REDACTED].security.UserDetails@f9520f8b: Username: pygillier; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 7FF242941B7F95FD17E97D8611B3A5CF; Granted Authorities: ROLE_ADMIN, ROLE_USER'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-10-28 17:15:47,806 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy - /admin/features at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-10-28 17:15:47,807 [http-bio-8080-exec-4] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /admin/features; Attributes: [_DENY_]
答案 0 :(得分:1)
我会根据我已经从你那里获得的信息给出一个镜头。如果您没有指定securityConfigType,Grails Spring Security插件将默认在控制器类上使用Annotations。如果是这种情况(或者您因为想要明确使用Annotations),那么您有几个选择:
grails.plugin.springsecurity.rejectIfNoRule设为false。建议不要这样做,因为它可能会使所有未明确保护的其他URL保持打开状态。但是,它可能适合开发。grails.plugin.springsecurity.controllerAnnotations.staticRules 因此,您的配置应该如下所示:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/admin/**': ['ROLE_ADMIN']
]
作为参考,这是line of code给了我一个关于这里发生了什么的提示。这告诉我,Spring Security插件无法找到您定义的'ROLE_ADMIN'属性,并且rejectIfNoRule设置为true(这是默认值)。
答案 1 :(得分:0)
好的,
我对插件的控制器名称&网址不同。
插件的控制器名称为FeatureSwitchAdmin并映射为/admin/features,在我需要设置的staticRules中
'/featureswitchadmin/**': ['ROLE_ADMIN']
获取有效的凭证。
(找到了@rmlan线索和official doc的解决方案)