I am trying to follow the tutorial at http://alvarosanchez.github.io/grails-angularjs-springsecurity-workshop/ using Grails 3.2.0.M2 with the angularjs profile.
build.gradle has the following:
    compile 'org.grails.plugins:spring-security-core:3.1.1'
    compile "org.grails.plugins:spring-security-rest:2.0.0.M2"
My application.groovy has the following:
    grails.plugin.springsecurity.userLookup.userDomainClassName = 'workspace.kernel.User'
    grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'workspace.kernel.UserRole'
    grails.plugin.springsecurity.authority.className = 'workspace.kernel.Role'
    grails.plugin.springsecurity.logout.postOnly = false
    grails.plugin.springsecurity.rejectIfNoRule = true
    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        [pattern: '/ats/**', access: ['permitAll']],
        [pattern: '/login/**', access: ['permitAll']],
        [pattern: '/index/**', access: ['permitAll']],
        [pattern: '/', access: ['permitAll']],
        [pattern: '/error', access: ['permitAll']],
        [pattern: '/index', access: ['permitAll']],
        //[pattern: '/welcome.gsp', access: ['permitAll']],
        [pattern: '/shutdown', access: ['permitAll']],
        [pattern: '/assets/**', access: ['permitAll']],
        [pattern: '/**/js/**', access: ['permitAll']],
        [pattern: '/**/css/**', access: ['permitAll']],
        [pattern: '/**/images/**', access: ['permitAll']],
        [pattern: '/**/favicon.ico', access: ['permitAll']],
        [pattern: '/dbconsole/**', access: ['permitAll']]
    ]
    grails.plugin.springsecurity.filterChain.chainMap = [
        [pattern: '/assets/**', filters: 'none'],
        [pattern: '/**/js/**', filters: 'none'],
        [pattern: '/**/css/**', filters: 'none'],
        [pattern: '/**/images/**', filters: 'none'],
        [pattern: '/**/favicon.ico', filters: 'none'],
        [pattern: '/**', filters: 'JOINED_FILTERS']
        //[pattern: '/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter']
    ]
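I deliberately did not use the '/api/**' prefix because I think I would have to change multiple JavaScript files.
I have successfully logged in and obtained a token, but after that many operations return a 403 status. For example: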
    @Transactional
    @Secured(['ROLE_ADMIN'])
    def save(User user) {
        if (user == null) {
            transactionStatus.setRollbackOnly()
            render status: NOT_FOUND
            return
        }
        if (user.hasErrors()) {
            transactionStatus.setRollbackOnly()
            respond user.errors, view: 'create'
            return
        }
        user.save flush: true
        respond user, [status: CREATED, view: "show"]
    }
On the other hand, some requests do not need a token at all! For example, this works fine whether or not a token is present:
    @Transactional
    @Secured(['ROLE_ADMIN'])
    def processUpload() {
        println params.file.getOriginalFilename()
        String xmlReponse = resumeParserService.parse(params.file.getBytes(), "txt")
        println 'response received'
        def xmlObj = new XmlSlurper().parseText(xmlReponse)
        println 'xml slurped'
        Map candidate = [:]
        candidate.firstName = xmlObj.personalInformation.firstname.text()
        candidate.lastName = xmlObj.personalInformation.lastname.text()
        candidate.email = xmlObj.personalInformation.email.text()
        candidate.mobile = xmlObj.personalInformation.phoneNumber.text()
        candidate.highestQualification = xmlObj.personalInformation.isced.name.text()
        xmlObj.binaryDocuments.document.each {
            if (it.class.text().startsWith('plot_')) {
                candidate[it.class.text()] = it.binary.text()
            }
        }
        // println 'values assigned'
        println candidate
        render candidate as JSON
    }
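Finally, regarding requests from other clients, making my site stateless is the thing I am least interested in. Is there a way to make all my Grails 3 controllers stateful and use only spring-security-core?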