由于某些原因,我的staticRules未被应用。
添加" org.grails.plugins:spring-security-core:3.0.0.M1"插件并执行
grails s2-quickstart com.testapp User Role
成功创建了Role User和UserRole域。 还创建了包含一些设置的application.groovy文件。
但我正在使用application.yml文件来配置我的应用程序。 所以我将属性移动到我的application.yml并删除了.groovy文件。
由于某些原因,不应用staticRules。可能存在语法错误。
---
grails:
plugin:
springsecurity:
userLookup:
userDomainClassName: 'User'
authorityJoinClassName: 'UserRole'
authority:
className: 'Role'
apf:
postOnly: false
password:
algorithm: 'bcrypt'
controllerAnnotations:
staticRules:
/: permitAll
/error: permitAll
/index: permitAll
/index.gsp: permitAll
/shutdown: permitAll
/assets/**: permitAll
/**/js/**: permitAll
/**/css/**: permitAll
/**/images/**: permitAll
/**/favicon.ico: permitAll
mime:
disable:
accept:
header:
userAgents:
...
我尝试了多种变体,例如
'/': 'permitAll'
/: 'permitAll'
但每次我打开localhost:8080 /我都会被提示登录!
答案 0 :(得分:2)
YML中的新Spring安全配置如下所示:
---
grails:
plugin:
springsecurity:
userLookup.userDomainClassName: 'org...User'
userLookup.authorityJoinClassName: 'org...UserRole'
authority.className: 'org...Role'
controllerAnnotations.staticRules:
- pattern: '/'
access: ['permitAll']
- pattern: '/index'
access: ['permitAll']
- pattern: '/index.gsp'
access: ['permitAll']
- pattern: '/error'
access: ['permitAll']
- pattern: '/user/denied'
access: ['permitAll']
- pattern: '/assets/**'
access: ['permitAll']
- pattern: '/**/js/**'
access: ['permitAll']
- pattern: '/**/css/**'
access: ['permitAll']
- pattern: '/**/images/**'
access: ['permitAll']
- pattern: '/**/favicon.ico'
access: ['permitAll']
出于测试目的(确保此配置有效)允许所有静态规则之外的所有静态规则,但请务必在以后删除它:
- pattern: '/**'
access: ['permitAll']