Grails Spring Security LDAP“defaultRole”未分配

时间:2016-10-13 12:53:44

标签: grails spring-security ldap

我正在Grails中使用LDAP授权(身份验证工作)。这是我的配置:

grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.filter = 'sAMAccountName={0}'
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.authorities.defaultRole = 'ROLE_USER'
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true   
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false    
grails.plugin.springsecurity.ldap.useRememberMe = false

我希望用户获得“ROLE_USER”角色,但我得到的只是:

DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@d66fe506: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d66fe506: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@d66d0e48: Dn: cn=testuser,cn=Users,dc=GROUP,dc=LOCAL; Username: testuser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 2BA8D2C334CBDA358EEEAD97F12DD38C; Not granted any authorities'
你有任何智慧的话吗?我做错了什么?

1 个答案:

答案 0 :(得分:0)

只是为了记录,我发现解决方案是将retrieveGroupRoles切换为true:

grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true