Grails 3 Spring Security application.yml

时间:2015-10-30 08:38:00

标签: spring-security grails-3.0

由于某些原因,我的staticRules未被应用。

添加" org.grails.plugins:spring-security-core:3.0.0.M1"插件并执行

grails s2-quickstart com.testapp User Role

成功创建了Role User和UserRole域。 还创建了包含一些设置的application.groovy文件。

但我正在使用application.yml文件来配置我的应用程序。 所以我将属性移动到我的application.yml并删除了.groovy文件。

由于某些原因,不应用staticRules。可能存在语法错误。

---
grails:
    plugin:
        springsecurity:
            userLookup:
                userDomainClassName: 'User'
                authorityJoinClassName: 'UserRole'
            authority:
                className: 'Role'
            apf:
                postOnly: false
            password:
                algorithm: 'bcrypt'
            controllerAnnotations:
                staticRules:
                    /: permitAll
                    /error: permitAll
                    /index: permitAll
                    /index.gsp: permitAll
                    /shutdown: permitAll
                    /assets/**: permitAll
                    /**/js/**: permitAll
                    /**/css/**: permitAll
                    /**/images/**: permitAll
                    /**/favicon.ico: permitAll
    mime:
        disable:
            accept:
                header:
                    userAgents:
    ...

我尝试了多种变体,例如

'/': 'permitAll'
/: 'permitAll'

但每次我打开localhost:8080 /我都会被提示登录!

1 个答案:

答案 0 :(得分:2)

YML中的新Spring安全配置如下所示:

---
grails:
  plugin:
    springsecurity:
      userLookup.userDomainClassName: 'org...User'
      userLookup.authorityJoinClassName: 'org...UserRole'
      authority.className: 'org...Role'
      controllerAnnotations.staticRules:
        - pattern: '/'
          access: ['permitAll']
        - pattern: '/index'
          access: ['permitAll']
        - pattern: '/index.gsp'
          access: ['permitAll']
        - pattern: '/error'
          access: ['permitAll']
        - pattern: '/user/denied'
          access: ['permitAll']
        - pattern: '/assets/**'
          access: ['permitAll']
        - pattern: '/**/js/**'
          access: ['permitAll']
        - pattern: '/**/css/**'
          access: ['permitAll']
        - pattern: '/**/images/**'
          access: ['permitAll']
        - pattern: '/**/favicon.ico'
          access: ['permitAll']

出于测试目的(确保此配置有效)允许所有静态规则之外的所有静态规则,但请务必在以后删除它:

- pattern: '/**'
      access: ['permitAll']