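I have added the Grails Spring Security plugin to a scaffolded Grails 2.1.1 application. I am setting up user rules so that only ROLE_ADMIN users can edit, delete, update, or create. I have this working except for delete. For some reason, my ROLE_USER users can still delete. Is there anything wrong with my rules below?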
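// Config.groovy: SecurityConfigType must be imported at the top of the file
import grails.plugins.springsecurity.SecurityConfigType

grails.plugins.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap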
grails.plugins.springsecurity.interceptUrlMap = [
'/person/update/*': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/person/edit/*': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/person/delete': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/person/create': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/county/update/*': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/county/delete': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/county/edit/*': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/county/create': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/course/update/*': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/course/delete': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/course/edit/*': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/course/create': ['ROLE_ADMIN', 'IS_AUTHENTICATED_REMEMBERED'],
'/': ['IS_AUTHENTICATED_REMEMBERED'],
'/**': ['IS_AUTHENTICATED_ANONYMOUSLY']
]
Thanks!
Answer 0 (score: 4)
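I talk about this in the documentation - see the warning about actionSubmit at http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/5%20Configuring%20Request%20Mappings%20to%20Secure%20URLs.html
The actionSubmit tag posts to the index action, and Grails determines which action to forward to based on a hidden input, but by then it is too late for Spring Security.
The fix is to use two forms and not use actionSubmit.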
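The fix described in the answer, sketched for the `person` edit view as an added example (not code from the original post or from the plugin documentation). The markup is a simplified, constructed version of a scaffolded form, and the resulting URLs assume the default `/$controller/$action?/$id?` URL mapping.

```gsp
<%-- BEFORE (constructed, simplified scaffold markup).
     The form has no action attribute, so both buttons POST to /person/index.
     g:actionSubmit only adds a request parameter (_action_update or
     _action_delete) that Grails reads to pick the action. The request URL
     never contains "delete", so the '/person/delete' rule is never consulted
     and the request falls through to '/**'. --%>
<g:form method="post">
    <g:hiddenField name="id" value="${personInstance?.id}" />
    <g:hiddenField name="version" value="${personInstance?.version}" />
    <g:render template="form" />
    <g:actionSubmit class="save" action="update" value="Update" />
    <g:actionSubmit class="delete" action="delete" value="Delete"
                    onclick="return confirm('Are you sure?');" />
</g:form>

<%-- AFTER: one form per action, each naming its action explicitly, so the
     request URL is the one the interceptUrlMap rules were written for. --%>

<%-- The id attribute puts the id in the path (/person/update/<id>),
     which is what the '/person/update/*' pattern expects. --%>
<g:form action="update" id="${personInstance?.id}" method="post">
    <g:hiddenField name="version" value="${personInstance?.version}" />
    <g:render template="form" />
    <g:submitButton name="update" class="save" value="Update" />
</g:form>

<%-- The delete rule is the exact path '/person/delete', so the id stays in a
     hidden field and the form POSTs to /person/delete. --%>
<g:form action="delete" method="post">
    <g:hiddenField name="id" value="${personInstance?.id}" />
    <g:submitButton name="delete" class="delete" value="Delete"
                    onclick="return confirm('Are you sure?');" />
</g:form>
```

The same change applies to any other scaffolded view that submits through `g:actionSubmit`, and to the `county` and `course` controllers covered by the same rules.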