我有 Grails 2.2.5 应用程序,该应用程序使用 Grails Spring Security 1.2.7.3 , Spring Security LDAP 1.0.6 ,以及< strong> Spring Security CAS 1.0.5 用于身份验证/授权的插件。登录,角色,单点登录都可以正常工作。但由于某种原因,应用程序在通过CAS登录后不会重定向到请求的URL。我没有将配置设置为始终使用默认目标。
我打开了日志记录,并报告它正在保存请求:
HttpSessionRequestCache DefaultSavedRequest added to Session:
DefaultSavedRequest[http://localhost:8080/books/bookstoreAdmin/]
这实际上是正确的网址。但是,登录后,日志记录报告以下内容:
DefaultRedirectStrategy
Redirecting to '/books/;jsessionid=B3994E4A1F2B9227CD8835B037A9AFE4'
和...
HttpSessionRequestCache
Removing DefaultSavedRequest from session if present
SecurityContextPersistenceFilter
SecurityContextHolder now cleared, as request processing completed
FilterChainProxy
Converted URL to lowercase, from: '/index.gsp'; to: '/index.gsp'
FilterChainProxy
Candidate is: '/index.gsp'; pattern is /**; matched=true
然后,应用程序会重定向到/index.gsp,这是不正确的(它应该转到/bookstoreAdmin。
以下是我的配置设置,然后是完整的日志记录:
Spring安全配置:
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://server.com/cas'
grails.plugins.springsecurity.cas.loginUri = "/login"
grails.plugins.springsecurity.cas.serviceUrl = "${grails.serverURL}/j_spring_cas_security_check"
grails.plugins.springsecurity.ldap.authorities.clean.dashes = true
grails.plugins.springsecurity.ldap.authorities.clean.uppercase = true
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.logout.afterLogoutUrl = "${grails.plugins.springsecurity.cas.serverUrlPrefix}/logout?service=${grails.serverURL}"
grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugins.springsecurity.interceptUrlMap = [
'/api/**': ['ROLE_ADMIN'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/bookstore/**': ['permitAll'],
'/bookstoreAdmin/**': ["hasRole('BOOKSTORE') or hasRole('BOOKSTORE RENTAL') or hasRole('APP-ADMIN')"],
'/**': ['IS_AUTHENTICATED_FULLY']
]
日志记录:
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:65)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:722)
savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/books/bookstoreAdmin/]
access.ExceptionTranslationFilter Calling Authentication entry point.
context.HttpSessionSecurityContextRepository SecurityContext is empty or anonymous - context will not be stored in HttpSession.
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
web.FilterChainProxy Converted URL to lowercase, from: '/j_spring_cas_security_check'; to: '/j_spring_cas_security_check'
web.FilterChainProxy Candidate is: '/j_spring_cas_security_check'; pattern is /**; matched=true
web.FilterChainProxy /j_spring_cas_security_check?ticket=ST-70970-jpLDzhe55JOI03zXvJkv-OurCasServer.com at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository HttpSession returned null object for SPRING_SECURITY_CONTEXT
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@7de5f157. A new one will be created.
web.FilterChainProxy /j_spring_cas_security_check?ticket=ST-70970-jpLDzhe55JOI03zXvJkv-OurCasServer.com at position 2 of 9 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /j_spring_cas_security_check?ticket=ST-70970-jpLDzhe55JOI03zXvJkv-OurCasServer.com at position 3 of 9 in additional filter chain; firing Filter: 'CasAuthenticationFilter'
web.CasAuthenticationFilter Request is to process authentication
authentication.ProviderManager Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider
**** Authentication success logging
rememberme.TokenBasedRememberMeServices Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')
rememberme.TokenBasedRememberMeServices Remember-me login not requested.
web.DefaultRedirectStrategy Redirecting to '/books/;jsessionid=B3994E4A1F2B9227CD8835B037A9AFE4'
context.HttpSessionSecurityContextRepository SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@cd87db26: Authentication: org.springframework.security.cas.authentication.CasAuthenticationToken@cd87db26: Principal: edu.mssu.ldap.MssuLdapUserDetails@79ca2798: Username: bookstore; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: BOOKSTORE; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 1.1.1.1; SessionId: B3994E4A1F2B9227CD8835B037A9AFE4; Granted Authorities: BOOKSTORE Assertion: org.jasig.cas.client.validation.AssertionImpl@78580c62 Credentials (Service/Proxy Ticket): ST-70970-jpLDzhe55JOI03zXvJkv-OurCasServer.com'
savedrequest.HttpSessionRequestCache Removing DefaultSavedRequest from session if present
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
web.FilterChainProxy Converted URL to lowercase, from: '/index.gsp'; to: '/index.gsp'
web.FilterChainProxy Candidate is: '/index.gsp'; pattern is /**; matched=true
***** Proceeds to go to /index.gsp
intercept.FilterSecurityInterceptor Authorization successful