Grails2.4.3上使用spring安全内核的静态安全映射
使用SpringSecurityCore2.0-RC4,我在静态安全映射方面遇到了问题Grails2.4.3上使用spring安全内核的静态安全映射,grails,spring-security,Grails,Spring Security,使用SpringSecurityCore2.0-RC4,我在静态安全映射方面遇到了问题 '/app/client/**': ['IS_AUTHENTICATED_FULLY'], '/app/items/**': ['permitAll'], 这种配置甚至可以切换真/假值 grails.plugin.springsecurity.rejectIfNoRule = true grails.plugin.springsecu
'/app/client/**': ['IS_AUTHENTICATED_FULLY'],
'/app/items/**': ['permitAll'],
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
/app/items/Books
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.moviesxd.api.domain.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.rest.token.validation.enableAnonymousAccess = true
//Workaround for weird responses when using a bearer token
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/security/login'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/security/logout'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.moviesxd.api.domain.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.rest.token.validation.enableAnonymousAccess = true
//Workaround for weird responses when using a bearer token
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/security/login'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/security/logout'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/app/client/**': ['IS_AUTHENTICATED_FULLY'],
'/app/items/**': ['permitAll']
SA该模式似乎没有数学化,因为它的行为类似于触发ifNoRule约束。。。但是不明白为什么。模式不应该包括应用程序的名称。例如/clients/**和/items/**应用程序不是我的应用程序的名称。。。只是我想组织我的API调用,只是一个常见的错误。另外,最好在问题中包含所有的安全配置。是否有一个好的方法来调试它,以了解为什么它不符合我的预期?谢谢。。。但是,我已经声明这些资源为permitAll。我在问题文本中放置了一个更新。好的,您的/映射到index.gsp还是其他?或者您可以访问您的根URL吗?