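I have been trying to implement the Grails plugin spring-security-oauth-facebook:0.2 and have not been getting a successful authentication from the Spring plugin. I can get to Facebook and successfully enter my credentials, but when Facebook redirects back to my local site I am assigned the standard ROLE_ANONYMOUS and redirected to the login page. Standard site login secured through Spring Security works fine.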
I'm using Grails 2.4.4
BuildConfig.groovy applicable plugins are:
compile ':spring-security-core:2.0-RC4'
compile ":spring-security-oauth:2.1.0-RC4"
compile ":spring-security-ui:1.0-RC2"
compile ':spring-security-oauth-facebook:0.2'
Config.groovy:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.myapp.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.myapp.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'com.myapp.domain.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/': ['permitAll'],
    '/index': ['permitAll'],
    '/index.gsp': ['permitAll'],
    '/assets/**': ['permitAll'],
    '/**/js/**': ['permitAll'],
    '/**/css/**': ['permitAll'],
    '/**/images/**': ['permitAll'],
    '/**/favicon.ico': ['permitAll'],
    '/login/**': ['permitAll'],
    '/logout/**': ['permitAll'],
    '/register/**': ['permitAll'],
    '/oauth/**': ['permitAll'],
    '/oauth/facebook/**': ['permitAll']
]
def appName = 'myapp'
def baseURL = grails.serverURL ?: "(myurl):${System.getProperty('server.port', '8050')}/${appName}"
oauth {
    debug = true
    providers {
        facebook {
            api = gweb.FaceBookCustomAPI
            key = 'my-key'
            secret = 'my-seceret'
            successUri = "/oauth/facebook/success"
            failureUri = "/oauth/facebook/failure"
            callback = "${baseURL}/oauth/facebook/callback"
        }
    }
}
// Added by the Spring Security OAuth plugin:
grails.plugin.springsecurity.oauth.domainClass = 'com.myapp.domain.OAuthID'
When I click the Facebook link to log in (url: /oauth/facebook/authenticate?redirectUrl=) I get the following logs:
....matcher.AntPathRequestMatcher Request '/oauth/facebook/authenticate' matched by universal pattern '/**'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository No HttpSession currently exists
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /oauth/facebook/authenticate?redirectUrl=; Attributes: [permitAll]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4337e: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
intercept.FilterSecurityInterceptor Authorization successful
intercept.FilterSecurityInterceptor RunAsManager did not change Authentication object
web.FilterChainProxy /oauth/facebook/authenticate?redirectUrl= reached end of additional filter chain; proceeding with original chain
gweb.FaceBookCustomAPI AuthorizationUrl: facebook.com/dialog/oauth?client_id=123MYCLIENTID123&redirect_uri=http%3A%2F%2Flocal.myappname.com%3A8050%2Fgweb%2Foauth%2Ffacebook%2Fcallback api key: 123MYCLIENTID123 seceret: d3996df187347f9f6b8021dd223acdf5
access.ExceptionTranslationFilter Chain processed normally
context.HttpSessionSecurityContextRepository SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
matcher.AntPathRequestMatcher Request '/oauth/facebook/callback' matched by universal pattern '/**'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository HttpSession returned null object for SPRING_SECURITY_CONTEXT
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@28b44fe3. A new one will be created.
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw; Attributes: [permitAll]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc6f3f8: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: AE8351B5D34F45ED370ED63F6FB7C3A8; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
intercept.FilterSecurityInterceptor Authorization successful
intercept.FilterSecurityInterceptor RunAsManager did not change Authentication object
web.FilterChainProxy /oauth/facebook/callback?code=AQCgtBI6VeUcWF7xUN5G4n9IU3Owyjm9HiM3OiPWvI2-w5FILyeqNEYPKOgDVGvyLShnNBcwzTjgPuJLls-9VFXrVCQrH4nWOzbUmUukoJVusMQUXhX6fjO_XY8a21VuJh9RkpTg-isZCSSEe86Nz9rbF4c9NK_-GRUa0onNwAbzvMSUG-IqzfzZaxyFoDcBWxS6VDuZrqVyFKEiTa0mgDjRgCZ077KMLdWJn8tWB8E9jR59CnWrvpXvfpcHz4w5NWmfmKE7Johh9ymYn8YeLr0L_7OlSydDQAyO-ERJf2JTvraQzNY0e-CA2SxTWL4lVxw reached end of additional filter chain; proceeding with original chain
gweb.FaceBookCustomAPI accessTokenEndpoint: https://graph.facebook.com/oauth/access_token
access.ExceptionTranslationFilter Chain processed normally
context.HttpSessionSecurityContextRepository SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
matcher.AntPathRequestMatcher Request '/oauth/facebook/success' matched by universal pattern '/**'
web.FilterChainProxy /oauth/facebook/success at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository HttpSession returned null object for SPRING_SECURITY_CONTEXT
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@28b44fe3. A new one will be created.
web.FilterChainProxy /oauth/facebook/success at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /oauth/facebook/success at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/success at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /oauth/facebook/success at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/success at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /oauth/facebook/success at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /oauth/facebook/success at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /oauth/facebook/success; Attributes: [_DENY_]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc6f3f8: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: AE8351B5D34F45ED370ED63F6FB7C3A8; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:47)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://local.myappname.com:8050/gweb/oauth/facebook/success]
access.ExceptionTranslationFilter Calling Authentication entry point.
web.DefaultRedirectStrategy Redirecting to 'local.myappname.com:8050/gweb/login/auth'
context.HttpSessionSecurityContextRepository SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
context. ..... this seems to repeat a couple more times...
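I'm at a loss; it seems the Facebook authentication is working. I can kill my FB session / remove the app from my profile, and when I try the authenticate URL from my site everything seems to work, but I always get redirected to my login screen with the logs above. Am I missing part of the implementation?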
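Answer 0 (score: 0)
I had been having this exact same problem for several days, but I think I have solved it: the answer is that the plugin does not seem to handle the "Annotation" securityConfigType correctly.
So, to get it to work, you need to change: grails.plugin.springsecurity.securityConfigType = "Annotation" to grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"
Then you need to convert your grails.plugin.springsecurity.controllerAnnotations.staticRules configuration to grails.plugin.springsecurity.interceptUrlMap, and then port your annotation-based security from your controllers into this configuration.
This is the only way I could get this plugin to actually work. Hope this helps.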
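The conversion described in the answer above, applied to the question's Config.groovy, as an added example that is not the answerer's or the plugin's own code. The '/account/**' pattern and the ROLE_USER role are hypothetical stand-ins for a rule ported from a controller annotation.

```groovy
// Config.groovy -- added example, not from the original post.

// Switch from annotation-driven rules to a single URL map.
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"

// The question's controllerAnnotations.staticRules entries, carried over
// unchanged. The first matching rule is used, so specific patterns go first.
grails.plugin.springsecurity.interceptUrlMap = [
    '/':                  ['permitAll'],
    '/index':             ['permitAll'],
    '/index.gsp':         ['permitAll'],
    '/assets/**':         ['permitAll'],
    '/**/js/**':          ['permitAll'],
    '/**/css/**':         ['permitAll'],
    '/**/images/**':      ['permitAll'],
    '/**/favicon.ico':    ['permitAll'],
    '/login/**':          ['permitAll'],
    '/logout/**':         ['permitAll'],
    '/register/**':       ['permitAll'],
    // Covers the authenticate, callback, success and failure URIs
    // configured in the oauth { providers { facebook { ... } } } block.
    '/oauth/**':          ['permitAll'],
    '/oauth/facebook/**': ['permitAll'],

    // Hypothetical: a rule ported from a controller that was previously
    // protected with @Secured(['ROLE_USER']). Pattern and role are assumed.
    '/account/**':        ['ROLE_USER']
]
```

With securityConfigType set to "InterceptUrlMap", @Secured annotations on controllers are no longer consulted, so every annotated controller or action needs a matching entry in this map before the switch is deployed.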