我正在关注Grails论坛应用程序的本教程:http://grails.asia/grails-forum-application。
我已经完成了它的内容,除了我使用spring-security-core:2.0.0插件而不是spring-security-core:1.2.7.3在教程中提到的教程中(上面给出的链接) )。
当我尝试登录时:我收到此错误:
“抱歉,您无权查看此页面”
我不确定错误是什么,因为控制台没有提供跟踪。
我在Ubuntu Linux 16.04上使用GGTS Groovy / Grails工具套件版本:3.6.4.RELEASE。
我使用的代码与上面链接和github(https://github.com/grailsasia/grails-ex-forum)
中列出的代码相同我做错了什么?该应用程序拒绝访问,即使我使用的是应用程序自己生成的用户名和密码。
这是我用来加载数据的Bootstrap.groovy的代码(再次 - 直接来自教程本身):
class BootStrap {
def random = new Random();
def words = ("time,person,year,way,day,thing,man,world,life,hand,part,child,eye,woman,place,work,week,case,point," +
"government,company,number,group,problem,fact,be,have,do,say,get,make,go,know,take,see,come,think,look," +
"want,give,use,find,tell,ask,work,seem,feel,try,leave,call,good,new,first,last,long,great,little,own," +
"other,old,right,big,high,different,small,large,next,early,young,important,few,public,bad,same,able,to,of," +
"in,for,on,with,at,by,from,up,about,into,over,after,beneath,under,above,the,and,a,that,I,it,not,he,as,you," +
"this,but,his,they,her,she,or,an,will,my,one,all,would,there,their").split(",")
def init = { servletContext ->
if (SecUser.count() == 0) { // no user in db, lets create some
def defaultRole = new SecRole(authority: 'ROLE_USER').save()
// create 100 users
(1..100).each { userNo ->
String username = "user${userNo}"
def user = new SecUser(username:username, password: 'secret', enabled: true).save()
// all users will have default role
new SecUserSecRole( secUser:user, secRole: defaultRole).save()
}
}
if ( Section.count() == 0 ) { // create data if no forum data found
// get all users
def users = SecUser.list()
// create 3 sections
('A'..'C').each { sectionLetter ->
def sectionTitle = "Section ${sectionLetter}"
def section = new Section(title: sectionTitle).save()
// create 4 topics per section
(1..4).each { topicNumber ->
def topicTitle = "Topic ${sectionLetter}-${topicNumber}"
def topicDescription = "Description of ${topicTitle}"
def topic = new Topic(section: section, title: topicTitle, description: topicDescription).save()
// create 10-20 threads each topic
def numberOfThreads = random.nextInt(11)+10
(1..numberOfThreads).each { threadNo ->
def opener = users[random.nextInt(100)]
def subject = "Subject ${sectionLetter}-${topicNumber}-${threadNo} "
def thread = new DiscussionThread(topic:topic, subject:subject, opener:opener).save()
new Comment(thread:thread, commentBy:opener, body:generateRandomComment()).save()
// create 10-35 replies per thread
def numberOfReplies = random.nextInt(26)+10
numberOfReplies.times {
def commentBy = users[random.nextInt(100)]
new Comment(thread:thread, commentBy:commentBy, body:generateRandomComment()).save()
}
}
}
}
}
}
private String generateRandomComment() {
def numberOfWords = random.nextInt(50) + 15
StringBuilder sb = new StringBuilder()
numberOfWords.times {
def randomWord = words[random.nextInt(words.length)]
sb.append("${randomWord} ")
}
return sb.toString()
}
def destroy = {
}
}
我正在尽我所能来弄清楚发生了什么,但我没有关于问题是什么的错误信息,而且教程没有帮助我找出原因。
UPDATE !!
在查看我收到的回复之后,我回过头来再次查看链接中发布的教程,发现我的问题确实与允许的角色和访问列表有关。
以下是我需要使用的许可访问/角色/资源列表,并了解更多信息:
// Added by the Spring Security Core plugin: grails.plugin.springsecurity.userLookup.userDomainClassName = 'furqanforum.SecUser' grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'furqanforum.SecUserSecRole' grails.plugin.springsecurity.authority.className = 'furqanforum.SecRole' grails.plugin.springsecurity.controllerAnnotations.staticRules = [ '/': ['permitAll'], '/forum/**': ['permitAll'], '/index': ['permitAll'], '/index.gsp': ['permitAll'], '/assets/**': ['permitAll'], '/**/js/**': ['permitAll'], '/**/css/**': ['permitAll'], '/**/images/**': ['permitAll'], '/**/favicon.ico': ['permitAll'], '/login/**': ['permitAll'], '/logout/**': ['permitAll'] ]
感谢所有积极帮助我帮助自己并获得新技能的人!
我正在阅读有关弹簧安全性和调整的更多信息,并且我学习。但根据检查的答案以及回复和建议,这解决了我的问题,
答案 0 :(得分:1)
您无法在不进行任何配置更改的情况下从版本1.x更改为2.x.阅读What's New信息,更具体地阅读更改here。
以前插件允许访问,除非它需要用户没有的角色,但现在插件默认拒绝所有访问,除非明确允许。使用插件的1.x版本的旧教程不会意识到这一点。