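I am running Grails 2.3.3 and have successfully added the spring-security-core plugin, version 2.0-RC5, to my application. Using s2-quickstart, I can successfully log in to the application with the new user/role setup it built.
Following a number of video tutorials, I created a home controller and a public controller, and managed to access action-based URLs with different levels of authentication.
My problem is combining this authentication with the original application views/actions in the controllers that existed before the security plugin was introduced. When I try to access any of these URLs, I get the message:
Sorry, you're not authorized to view this page.
To enable authentication on individual actions of a controller, I added the following at the top of the controller file: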
import grails.plugin.springsecurity.annotation.Secured
Then, directly above the action definition of each individual action, I added the line:
@Secured('ROLE_USER')
or
@Secured('ROLE_ADMIN')
I also added high-level authentication controls to the springsecurity staticRules in the Config.groovy file:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/logout/**': ['permitAll'],
'/videos/**': ['ROLE_ADMIN'],
'/videoNew/inputvideo': ['permitAll']
]
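I thought I might need to re-create these original controllers now that the security plugin has been added, but I still cannot get past the authentication barrier.
What am I missing?
Below are all the grails.plugin.springSecurity settings in the Config.groovy file as set up by s2-quickstart: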
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'vidplay.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'vidplay.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'vidplay.SecRole'
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/home' //SEC0616 defines default page to go to upon a successful login
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/dbconsole/**': ['ROLE_ADMIN'],
'/videos/**': ['permitAll'],
'/public/**': ['permitAll'],
'/videos/index': ['permitAll'],
'/home/**': ['permitAll'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/videos/**': ['ROLE_ADMIN'],
'/videoNew/inputvideo': ['permitAll']
]
Below is the Spring Security debug log, which indicates 'Authorization successful' - although I still have the access problem:
matcher.AntPathRequestMatcher Request '/videonew/inputvideo' matched by universal pattern '/**'
web.FilterChainProxy /videoNew/inputvideo at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@bdd2c1f3: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bdd2c1f3: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@6315afb: Username: mike1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 02E339B19772D3DF9B32723AC1EA8E3F; Granted Authorities: ROLE_USER'
web.FilterChainProxy /videoNew/inputvideo at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /videoNew/inputvideo at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /videoNew/inputvideo at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /videoNew/inputvideo at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /videoNew/inputvideo at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /videoNew/inputvideo at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /videoNew/inputvideo at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /videoNew/inputvideo; Attributes: [permitAll]
intercept.FilterSecurityInterceptor Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bdd2c1f3: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@6315afb: Username: mike1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 02E339B19772D3DF9B32723AC1EA8E3F; Granted Authorities: ROLE_USER
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_USER] one can reach [ROLE_USER] in zero or more steps.
intercept.FilterSecurityInterceptor Authorization successful
intercept.FilterSecurityInterceptor RunAsManager did not change Authentication object
web.FilterChainProxy /videoNew/inputvideo reached end of additional filter chain; proceeding with original chain
access.ExceptionTranslationFilter Chain processed normally
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
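
Added example (not part of the original post and not plugin code): the full staticRules listing above repeats the key '/videos/**', and a Groovy map literal keeps only the last value given for a repeated key. This Python sketch scans an excerpt of that listing, embedded as a constructed sample, and reports repeated patterns together with the value that survives; the function names are illustrative assumptions.

```python
import re

# Constructed sample: an excerpt of the staticRules entries from the question's Config.groovy.
CONFIG_TEXT = """\
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/dbconsole/**': ['ROLE_ADMIN'],
    '/videos/**': ['permitAll'],
    '/public/**': ['permitAll'],
    '/videos/index': ['permitAll'],
    '/home/**': ['permitAll'],
    '/login/**': ['permitAll'],
    '/logout/**': ['permitAll'],
    '/videos/**': ['ROLE_ADMIN'],
    '/videoNew/inputvideo': ['permitAll']
]
"""

# One map entry per line: 'pattern': ['attr', ...]
ENTRY = re.compile(r"^\s*'([^']+)'\s*:\s*\[([^\]]*)\]")

def parse_rules(text):
    """Return (pattern, attributes, line_number) for each entry, in source order."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if m:
            attrs = [a.strip().strip("'\"") for a in m.group(2).split(",") if a.strip()]
            entries.append((m.group(1), attrs, line_no))
    return entries

def effective_rules(entries):
    """Apply map-literal semantics: a repeated key keeps only its last value."""
    rules = {}
    for pattern, attrs, _ in entries:
        rules[pattern] = attrs
    return rules

def duplicate_keys(entries):
    """Map each repeated pattern to the (line_number, attributes) of every occurrence."""
    seen = {}
    for pattern, attrs, line_no in entries:
        seen.setdefault(pattern, []).append((line_no, attrs))
    return {p: occ for p, occ in seen.items() if len(occ) > 1}

if __name__ == "__main__":
    entries = parse_rules(CONFIG_TEXT)
    for pattern, occ in duplicate_keys(entries).items():
        print(f"{pattern} defined {len(occ)} times: {occ}")
        print(f"  effective value: {effective_rules(entries)[pattern]}")
```

The parser assumes one map entry per line with single-quoted patterns, as in the listing above.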