Spring security Grails3SpringSecurity应用程序.yml

Spring security Grails3SpringSecurity应用程序.yml,spring-security,grails-3.0,Spring Security,Grails 3.0,由于某些原因,我的静态规则不适用 添加“org.grails.plugins:springsecuritycore:3.0.0.M1”插件并执行 grails s2-quickstart com.testapp User Role 已成功创建角色用户和用户角色域。 还创建了一个带有一些设置的application.groovy文件 但我正在使用application.yml文件来配置我的应用程序。 因此,我将属性移动到application.yml并删除了.groovy文件 由于某些原因,静态

由于某些原因,我的静态规则不适用

添加“org.grails.plugins:springsecuritycore:3.0.0.M1”插件并执行

grails s2-quickstart com.testapp User Role
已成功创建角色用户和用户角色域。 还创建了一个带有一些设置的application.groovy文件

但我正在使用application.yml文件来配置我的应用程序。 因此,我将属性移动到application.yml并删除了.groovy文件

由于某些原因,静态规则不适用。可能是语法错误

---
grails:
    plugin:
        springsecurity:
            userLookup:
                userDomainClassName: 'User'
                authorityJoinClassName: 'UserRole'
            authority:
                className: 'Role'
            apf:
                postOnly: false
            password:
                algorithm: 'bcrypt'
            controllerAnnotations:
                staticRules:
                    /: permitAll
                    /error: permitAll
                    /index: permitAll
                    /index.gsp: permitAll
                    /shutdown: permitAll
                    /assets/**: permitAll
                    /**/js/**: permitAll
                    /**/css/**: permitAll
                    /**/images/**: permitAll
                    /**/favicon.ico: permitAll
    mime:
        disable:
            accept:
                header:
                    userAgents:
    ...
我尝试了多种变体,如

'/': 'permitAll'
/: 'permitAll'

但是每次我打开localhost:8080/我都会被提示登录

YML中新的Spring安全配置如下所示:

---
grails:
  plugin:
    springsecurity:
      userLookup.userDomainClassName: 'org...User'
      userLookup.authorityJoinClassName: 'org...UserRole'
      authority.className: 'org...Role'
      controllerAnnotations.staticRules:
        - pattern: '/'
          access: ['permitAll']
        - pattern: '/index'
          access: ['permitAll']
        - pattern: '/index.gsp'
          access: ['permitAll']
        - pattern: '/error'
          access: ['permitAll']
        - pattern: '/user/denied'
          access: ['permitAll']
        - pattern: '/assets/**'
          access: ['permitAll']
        - pattern: '/**/js/**'
          access: ['permitAll']
        - pattern: '/**/css/**'
          access: ['permitAll']
        - pattern: '/**/images/**'
          access: ['permitAll']
        - pattern: '/**/favicon.ico'
          access: ['permitAll']
出于测试目的(确保此配置工作),允许所有静态规则之上的所有规则,但请确保稍后删除它:

- pattern: '/**'
      access: ['permitAll']

您需要定义
grails.plugin.springsecurity.controllernotations.staticRules