Grails Spring security在引导期间返回空SecurityContext

Grails Spring security在引导期间返回空SecurityContext,grails,plugins,spring-security,Grails,Plugins,Spring Security,我在Grails应用程序中成功使用Spring安全性时遇到问题。我安装了spring security core插件,然后运行命令执行初始设置: s2-quickstart my.package ReUser ReRole 其中ReUser和ReRole分别是我的用户和角色域类。然后我继续按照Peter Ledbrook简化的Spring Security屏幕中的设置说明进行操作,但当我实际尝试运行应用程序并验证用户身份时,我遇到了麻烦。我在引导中创建的用户名从未被识别(有一个BadCrede

我在Grails应用程序中成功使用Spring安全性时遇到问题。我安装了spring security core插件,然后运行命令执行初始设置:

s2-quickstart my.package ReUser ReRole
其中ReUser和ReRole分别是我的用户和角色域类。然后我继续按照Peter Ledbrook简化的Spring Security屏幕中的设置说明进行操作,但当我实际尝试运行应用程序并验证用户身份时,我遇到了麻烦。我在引导中创建的用户名从未被识别(有一个BadCredentialsException),如果我从未存储过那些用户、角色和联接类值的话。但是它们是存储的,并且在引导中声明了保存值的计数。此外,相关类在Config.groovy中正确标识为:

grails.plugins.springsecurity.userLookup.userDomainClassName = 're.sec.ReUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 're.sec.ReUserReRole'
grails.plugins.springsecurity.authority.className = 're.sec.ReRole'
这些结果让我感到困惑,直到我在日志中注意到以下顺序:

web.FilterChainProxy Converted URL to lowercase, from: '/index.gsp'; to: '/index.gsp'
web.FilterChainProxy Candidate is: '/index.gsp'; pattern is /**; matched=true
web.FilterChainProxy /index.gsp at position 1 of 8 in additional filter chain; firing                    Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository No HttpSession currently exists
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
web.FilterChainProxy /index.gsp at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /index.gsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /index.gsp at position 5 of 8 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 6 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
authentication.AnonymousAuthenticationFilter Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
web.FilterChainProxy /index.gsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /index.gsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Public object - authentication not attempted
web.FilterChainProxy /index.gsp reached end of additional filter chain; proceeding with original chain
access.ExceptionTranslationFilter Chain processed normally
context.HttpSessionSecurityContextRepository SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed

这些实体(特别是“SecurityContext为空或匿名-上下文不会存储在HttpSession中”,所有这些实体都在引导过程中显示)是否解释了为什么我的应用程序无法识别我在引导过程中尝试存储的用户名/密码?我做错了什么?

你在引用的博客文章中看到关于密码双重编码的说明了吗?从版本1.2开始,用户域类对密码进行编码。如果在创建用户时(例如,在引导中)再次这样做,则用户将被双重编码。

不,我想我没有注意到这一点。你的建议为我解决了问题。谢谢