Grails Spring安全性拦截UrlMap不工作
我在应用程序中使用Siteminder,但使用SpringSecurity核心插件来管理安全性的所有其他方面。我没有被阻止使用某些需要特定角色的资源,尽管如果我尝试点击该url,我会被踢到requestHeaderAuthenticationFilter Config.groovyGrails Spring安全性拦截UrlMap不工作,grails,spring-security,grails-plugin,Grails,Spring Security,Grails Plugin,我在应用程序中使用Siteminder,但使用SpringSecurity核心插件来管理安全性的所有其他方面。我没有被阻止使用某些需要特定角色的资源,尽管如果我尝试点击该url,我会被踢到requestHeaderAuthenticationFilter Config.groovy ... grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.
...
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.providerNames = ['preauthAuthProvider', 'anonymousAuthenticationProvider']
grails.plugin.springsecurity.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.chainMap = [
'/assets/**': 'anonymousAuthenticationFilter',
'/public/**': 'anonymousAuthenticationFilter',
'/auth/**': 'requestHeaderAuthenticationFilter'
]
grails.plugin.springsecurity.x509.checkForPrincipalChanges = 'true'
grails.plugin.springsecurity.logout.afterLogoutUrl='/public/'
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/auth/home'
grails.plugin.springsecurity.interceptUrlMap = [
'/auth/admin': ['ROLE_SYSTEM_ADMIN'],
'/auth/constant/**': ['ROLE_SYSTEM_ADMIN'],
'/assets/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/public/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/auth/**': ['IS_AUTHENTICATED_FULLY']
]
当我使用taglib确定是否显示指向这些对象的链接时,它会按预期工作:
<sec:ifAnyGranted roles="ROLE_SYSTEM_ADMIN">
<g:link uri="/auth/admin">Admin</g:link>
</sec:ifAnyGranted>
所以,标签似乎工作正常,但我仍然可以去链接只是罚款这意味着我的设置一定是混乱的地方
Grails 2.4.3
Spring Security Core 2.0-RC4
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"
通过在config.groovy中编辑这一行,我认为将有助于grails.plugin.springsecurity.securityConfigType=grails.plugin.springsecurity.securityConfigType.InterceptUrlMap将这一行替换为我答案中的那一行
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"