在Grails 3实验(https://github.com/davebrown1975/grails-multientrypoint-security)中,我难以正确配置Spring Security以利用2个不同的用户域,在本例中为Montagues&Capulets。每种类型的用户都应该有自己的登录页面,并限制他们可以或不能访问的内容。即登录的Capulet应该无法查看Montagues的页面,反之亦然。
因此,要建立这些规则,我有2种不同的用户类型,不同的视图和身份验证页面以及自定义过滤器,身份验证提供程序和入口点。
但是,根据我的GebSpec的当前行为,尝试调用受保护的Montague页面不会重定向到预期的Montague登录页面,而是重定向到插件默认的Login。所以也许问题出在下面的过滤器配置:
grails.plugin.springsecurity.filterChain.filterNames = [
'securityContextPersistenceFilter', 'logoutFilter',
'authenticationProcessingFilter',
'rememberMeAuthenticationFilter', 'anonymousAuthenticationFilter',
'exceptionTranslationFilter', 'filterInvocationInterceptor'
]
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/capulets/**', filters: 'securityContextPersistenceFilter,logoutFilter,capuletsAuthenticationFilter,' +
'authenticationProcessingFilter,rememberMeAuthenticationFilter,anonymousAuthenticationFilter,' +
'exceptionTranslationFilter,filterInvocationInterceptor'],
[pattern: '/montagues/**', filters: 'securityContextPersistenceFilter,logoutFilter,montaguesAuthenticationFilter,' +
'authenticationProcessingFilter,rememberMeAuthenticationFilter,anonymousAuthenticationFilter,' +
'exceptionTranslationFilter,filterInvocationInterceptor'],
[pattern: '/**', filters: 'JOINED_FILTERS,-montaguesAuthenticationFilter,-capuletsAuthenticationFilter']
]
对此将提供任何帮助。
谢谢