Fatal编程技术网
  • grails/
  • 在Grails中使用Spring安全性和Requestmap失败

在Grails中使用Spring安全性和Requestmap失败

grails spring-security

在Grails中使用Spring安全性和Requestmap失败,grails,spring-security,Grails,Spring Security,我不熟悉Grails。我从头开始了一个新项目,并添加了SpringSecurityCore作为身份验证和授权(我使用GGTS作为工具)。我的问题是,如果我开始使用Requestmap,它根本不起作用,即使我使用的是我在网络上找到的指令。这是我的配置 Buildconfig.groovy: compile ':spring-security-core:2.0-RC4' 用于创建默认对象的命令 s2-quickstart com.company.foobar User Privilege Re

我不熟悉Grails。我从头开始了一个新项目,并添加了SpringSecurityCore作为身份验证和授权(我使用GGTS作为工具)。我的问题是,如果我开始使用Requestmap,它根本不起作用,即使我使用的是我在网络上找到的指令。这是我的配置

Buildconfig.groovy:

compile ':spring-security-core:2.0-RC4'
用于创建默认对象的命令

s2-quickstart com.company.foobar User Privilege Requestmap
Config.groovy

grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false

grails.plugin.springsecurity.logout.postOnly = false

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.company.foobar.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.company.foobar.UserPrivilege'
grails.plugin.springsecurity.authority.className = 'com.company.foobar.Privilege'
grails.plugin.springsecurity.requestMap.className = 'com.company.foobar.Requestmap'
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.Requestmap

//**** I have tried both above and below (below is default one).

grails.plugin.springsecurity.securityConfigType = 'Requestmap'
BootStrap.groovy

for (String url in [
    '/', '/index', '/index.gsp', '/**/favicon.ico',
'/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
    '/login', '/login.*', '/login/**',
    '/logout', '/logout.*', '/logout/**']) {
    new Requestmap(url: url, configAttribute: 'ROLE_ANONYMOUS').save()
}

// I have tried both these (above and below)
// I have tried configuration attribute as
// IS_AUTHENTICATED_ANONYMOUSLY, permitAll
// and ROLE_ANONYMOUS (and few others too)

new Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/logout/**', configAttribute: 'ROLE_ANONYMOUS').save();
new Requestmap(url: '/login/**', configAttribute: 'ROLE_ANONYMOUS').save()
new Requestmap(url: '/index/**', configAttribute: 'ROLE_ANONYMOUS').save();
注意:数据库填充正确。

问题是DB被正确填充,但我得到以下错误:

hierarchicalroles.RoleHierarchyImpl setHierarchy() - The following role hierarchy was set: 
intercept.FilterSecurityInterceptor Validated configuration attributes
web.DefaultSecurityFilterChain Creating filter chain: Ant [pattern='/**'], [org.springframework.security.web.context.SecurityContextPersistenceFilter@7f4446e0, grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter@5b895d66, grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter@1753027d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4ac86881, grails.plugin.springsecurity.web.filter.GrailsRememberMeAuthenticationFilter@2b451382, grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter@4403d1ff, org.springframework.security.web.access.ExceptionTranslationFilter@56cfdf3b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6948c703]
|Server running. Browse to http://localhost:8080/foobar
....matcher.AntPathRequestMatcher Request '/index.gsp' matched by universal pattern '/**'
web.FilterChainProxy /index.gsp at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository No HttpSession currently exists
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
web.FilterChainProxy /index.gsp at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /index.gsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /index.gsp at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /index.gsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /index.gsp; Attributes: [_DENY_]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4337e: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:47)
    at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
    at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/foobar/]
access.ExceptionTranslationFilter Calling Authentication entry point.
web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
在此之后,我从浏览器中得到循环错误(它不断尝试登录/auth页面以获得相同的答案)。我已经检查了stackoverflow中的答案,但是我的配置与这些答案中的一样,仍然没有帮助

我已经检查了这个,它对我没有帮助,(我有上面答案中的配置)

什么有效
如果我从请求映射中取出并在Config.groovy中使用静态定义,那么一切都像一个符咒,但我需要使用DB进行配置(从那里进一步)。

似乎是一个与*[hibernate4插件][2]*相关的[问题][1]

使用Grails2.5,默认安装的hibernate插件(BuildConfig.groovy)为:

这显然不适用于securityConfigType='Requestmap'
所以我试着…

  • 4.3.8.2-快照:相同的问题
  • 4.3.6.1:相同的问题
  • 4.3.5.4:似乎工作正常
这可能是您降级hibernate4插件的一个选项:

runtime ":hibernate4:4.3.5.4"
永远不要使用
ROLE\u ANONYMOUS
(如果显式使用2.0 final,我将添加一个检查以抛出一个错误)。这是一个特殊的准假角色,只应该用于插件创建的匿名用户,如果你没有登录。当您进行身份验证时,您将无法使用它,因此,如果它是唯一必需的角色,您在登录后将无法访问任何内容。感谢您的评论。我把一切都变成了高高的,虚荣的。它仍然不起作用。调试日志包含完全相同的信息。 
runtime ":hibernate4:4.3.5.4"