Question

我已经安装了grails Spring-Security插件：

plugins {
    compile ':spring-security-core:2.0-RC2'
}

然后我使用grails s2-quickstart com.jane Person Role命令创建所需的域类。

由于我有自己的User类，因此我重构了代码以使用我的User类：

package com.jane

class User {

    transient springSecurityService

    String email
    String name
    String password
    Boolean isAgreeTerms = false
    Date agreeTermsDt
    Boolean isActive = false
    Boolean isBlocked = false

    Date dateCreated
    Integer createdBy = 0
    Date lastUpdated
    Integer modifiedBy = 0

    static transients = [ 'springSecurityService' ]
    static hasMany = [ userProductTier: UserProductTier ]
    static mapping = {
        id          column: "userID"
        dateCreated column: 'createdDt'
        lastUpdated column: 'modifiedDT'
    }

    static constraints = {
        email       blank: false, email: true, unique: true, size: 5..100
        name        blank: false, size: 3..50
        password    blank: false
    }

    void beforeInsert() {
        if ( isAgreeTerms ) {
            agreeTermsDt = new Date()
        }
        encodePassword()
    }

    def beforeUpdate() {
        if (isDirty('password')) {
            encodePassword()
       }
    }

    protected void encodePassword() {
        password = springSecurityService.encodePassword(password)
    }
}

然后我将config.groovy文件修改为：

grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.jane.User'
grails.plugin.springsecurity.userLookup.usernamePropertyName = 'email'
grails.plugin.springsecurity.userLookup.enabledPropertyName = 'isActive'
grails.plugin.springsecurity.userLookup.accountExpiredPropertyName = 'isBlocked'
grails.plugin.springsecurity.userLookup.accountLockedPropertyName = 'isBlocked'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.jane.UserRole'
grails.plugin.springsecurity.authority.className = 'com.jane.Role'

我可以很好地创建用户，验证他们在数据库中，验证了一次调用encodePassword。但每次我尝试登录时都会收到以下错误：

抱歉，我们无法找到具有该用户名的用户密码。

以下是创建用户的服务方法：

User createTeamLeader( String name, String email, String password, Boolean isAgreeTerms, Integer productTierId ) {
    User user = new User( name: name, email: email, password: password, isAgreeTerms: isAgreeTerms, isActive: true)
    UserProductTier userProductTier = new UserProductTier( productTierId: productTierId )
    user.addToUserProductTier( userProductTier )
    user.save()
    UserRole.create( user, Role.findByAuthority('ROLE_USER'), true )
    UserRole.create( user, Role.findByAuthority('ROLE_LEAD'), true )
    user
}

Answer 1

通常添加调试日志记录会有所帮助，因为Spring Security会在调试级别记录很多内容：

log4j = {
   ...
   debug 'org.springframework.security'
}

在这种情况下，它没有显示问题，所以我添加了一个事件监听器，以查看故障事件中是否有信息：

grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onAbstractAuthenticationFailureEvent = { e, appCtx ->
   println "\nERROR auth failed for user $e.authentication.name: $e.exception.message\n"
}

显示了这个：

ERROR auth failed for user ernie@ss.com: No such property: authorities for class: com.jane.User

当您在课程中进行更改时，您删除了原始版本中的getAuthorities方法，并由UserDetailsService用于在身份验证期间确定授予的角色。添加它可以解决问题：

Set<Role> getAuthorities() {
   UserRole.findAllByUser(this).collect { it.role } as Set
}

使用指定的用户名'抱歉，我们无法找到具有该用户名和密码的用户。'记录int时的消息

1 个答案: