org.springframework.security.access.AccessDeniedException: Access is denied
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:43)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
尝试查看网站上的不同网页时出现此错误。 登录后,我尝试访问其中一个页面,我在IntelliJ Idea终端的日志窗口中收到此错误。我正在使用安全注释。
2015-12-28 09:48:54,527 [http-bio-8080-exec-12] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /list.html; Attributes: [_DENY_]
2015-12-28 09:48:54,527 [http-bio-8080-exec-12] DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fec5dc2f: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: B3587266591A115997973363DF758EB8; Granted Authorities: ROLE_USER, ROLE_ADMIN
2015-12-28 09:48:54,527 [http-bio-8080-exec-12] DEBUG hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_USER, ROLE_ADMIN] one can reach [ROLE_USER, ROLE_ADMIN] in zero or more steps.
2015-12-28 09:48:54,557 [http-bio-8080-exec-12] DEBUG access.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
Message: Access is denied
Line | Method
->> 43 | decide in grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 53 | doFilter in grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter
| 62 | doFilter in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
| 1142 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 617 | run . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
2015-12-28 09:48:54,559 [http-bio-8080-exec-12] DEBUG filter.UrlMappingsFilter - Executing URL mapping filter...
2015-12-28 09:48:54,649 [http-bio-8080-exec-12] DEBUG filter.UrlMappingsFilter - Matched URI [/login/denied] to URL mapping [/(*)/(*)?/(*)?(.(*))?], forwarding to [/grails/login/denied.dispatch] with response [class org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper]
2015-12-28 09:48:54,649 [http-bio-8080-exec-12] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed.
任何人都可以告诉我我可以查看什么来检查问题。我试图更改config.groovy文件,URLmapping.groovy文件。
这是我的config.groovy
grails.app.context='/'
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.dtech.security.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.dtech.security.UserRole'
grails.plugin.springsecurity.authority.className = 'com.dtech.security.Role'
grails.plugin.springsecurity.failureHandler.defaultFailureUrl='/?login_error=1'
grails.plugin.springsecurity.auth.loginFormUrl='/' //send to index page for login
//redirect to Dynics home page on logout
grails.plugin.springsecurity.logout.afterLogoutUrl='http://www.google.com'
//grails.plugin.springsecurity.failureHandler.useForward=false
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/' : ['permitAll'],
'/index' : ['permitAll'],
'/index.gsp' : ['permitAll'],
'/assets/**' : ['permitAll'],
'/**/js/**' : ['permitAll'],
'/**/css/**' : ['permitAll'],
'/**/images/**' : ['permitAll'],
'/**/favicon.ico' : ['permitAll'],
//'/api/**' : ['permitAll'],
'/rmalog/**' : ['ROLE_ADMIN','ROLE_USER'],
'/api/rmalog/**' : ['ROLE_ADMIN','ROLE_USER'],
这是我的带有注释的控制器
package com.dtech.controllers
import com.dtech.PagedRestfulController
import com.dtech.domain.Rmalog
import grails.plugin.springsecurity.annotation.Secured
import org.codehaus.groovy.grails.commons.GrailsApplication
@Secured(['ROLE_ADMIN','ROLE_USER'])
class RmalogController extends PagedRestfulController {
def exportService
GrailsApplication grailsApplication
RmalogController(){
super(Rmalog)
}
def export(){
if(params?.formatRequest && params.formatRequest != "html"){
if(!params.max) params.max = 15000 //set max for records export
response.contentType = grailsApplication.config.grails.mime.types[params.formatRequest]
response.setHeader("Content-disposition", "attachment; filename=rmalog.${params.extension}")
def exportData = loadPagedResults(params);
exportService.export(params.formatRequest,
response.outputStream, exportData, [:], [:])
}
}
}
这是我的rmalog viewSource
<!DOCTYPE html>
<html>
<head>
<meta name="layout" content="angular"/>
<asset:javascript src="dynics-app/rmalog/module"/>
</head>
<body ng-app="dynicsApp.rmalog">
</body>
</html>
答案 0 :(得分:0)
默认情况下,除非对所请求的URL有规则,否则拒绝访问所有URL。请阅读the docs了解详情。
您的错误表示拒绝访问/list.html,这是有道理的,因为staticRules地图中的任何内容都不包含该网址,并且您没有在控制器中提及处理该网址的任何注释。