我试图简化我的grails应用程序中的安全检查代码,但发现有一种方法可以提高服务类的安全性。
我发现一些与此相关的参考资料: https://www.mscharhag.com/grails/spring-security-call-bean-method-in-spel-expression Grails custom security evaluator 还有一些...
因此,我尝试将所有内容连接起来,而且看起来非常简单,但是当我将自定义bean配置到resources.groovy
时,出现此错误。
A component required a bean named 'parameterNameDiscoverer' that could not be found.
我的resources.groovy
看起来像这样:
import com.auth0.client.auth.AuthAPI
import grails.plugin.springsecurity.rest.RestAuthenticationProvider
import priz.auth0.Auth0APIService
import priz.auth0.Auth0TokenStorageService
import priz.auth0.Auth0TokenVerificationService
import priz.auth0.Auth0UserResolverService
import priz.security.GrailsBeanResolver
import priz.security.GrailsExpressionHandler
import priz.security.UserPasswordEncoderListener
// Place your Spring DSL code here
beans = {
expressionHandler(GrailsExpressionHandler) {
beanResolver = ref('beanResolver')
parameterNameDiscoverer = ref('parameterNameDiscoverer')
permissionEvaluator = ref('permissionEvaluator')
roleHierarchy = ref('roleHierarchy')
trustResolver = ref('authenticationTrustResolver')
}
beanResolver(GrailsBeanResolver) {
grailsApplication = ref('grailsApplication')
}
userPasswordEncoderListener(UserPasswordEncoderListener)
authApi(AuthAPI) { beanDefinition ->
beanDefinition.constructorArgs = [
'${priz.auth0.api.domain}',
'${priz.auth0.api.clientId}',
'${priz.auth0.api.clientSecret}'
]
}
auth0APIService(Auth0APIService) {
authAPI = ref('authApi')
}
auth0TokenVerificationService(Auth0TokenVerificationService)
auth0UserResolverService(Auth0UserResolverService)
tokenStorageService(Auth0TokenStorageService) {
jwtService = ref('jwtService')
userDetailsService = ref('userDetailsService')
auth0TokenVerificationService = ref('auth0TokenVerificationService')
auth0APIService = ref('auth0APIService')
auth0UserResolverService = ref('auth0UserResolverService')
}
/* restAuthenticationProvider */
restAuthenticationProvider(RestAuthenticationProvider) {
tokenStorageService = ref('tokenStorageService')
useJwt = false
jwtService = ref('jwtService')
}
}
当然,我没有在资源中专门定义parameterNameDiscoverer
,但是我希望由于没有自定义这些依赖关系,Spring Security插件已经提供了这些依赖关系。但似乎找不到它们。
我想念什么?我需要在资源中定义整个依赖关系树吗?
答案 0 :(得分:0)
这应该很简单,只需在resources.groovy
parameterNameDiscoverer(DefaultSecurityParameterNameDiscoverer)
假设您需要Spring Security(v3.2 +)随附的默认实现。目前尚不清楚您想要哪种实现,因此您可以浏览java docs。