Spring security Grails3SpringSecurity应用程序.yml
由于某些原因,我的静态规则不适用 添加“org.grails.plugins:springsecuritycore:3.0.0.M1”插件并执行Spring security Grails3SpringSecurity应用程序.yml,spring-security,grails-3.0,Spring Security,Grails 3.0,由于某些原因,我的静态规则不适用 添加“org.grails.plugins:springsecuritycore:3.0.0.M1”插件并执行 grails s2-quickstart com.testapp User Role 已成功创建角色用户和用户角色域。 还创建了一个带有一些设置的application.groovy文件 但我正在使用application.yml文件来配置我的应用程序。 因此,我将属性移动到application.yml并删除了.groovy文件 由于某些原因,静态
grails s2-quickstart com.testapp User Role
已成功创建角色用户和用户角色域。
还创建了一个带有一些设置的application.groovy文件
但我正在使用application.yml文件来配置我的应用程序。
因此,我将属性移动到application.yml并删除了.groovy文件
由于某些原因,静态规则不适用。可能是语法错误
---
grails:
plugin:
springsecurity:
userLookup:
userDomainClassName: 'User'
authorityJoinClassName: 'UserRole'
authority:
className: 'Role'
apf:
postOnly: false
password:
algorithm: 'bcrypt'
controllerAnnotations:
staticRules:
/: permitAll
/error: permitAll
/index: permitAll
/index.gsp: permitAll
/shutdown: permitAll
/assets/**: permitAll
/**/js/**: permitAll
/**/css/**: permitAll
/**/images/**: permitAll
/**/favicon.ico: permitAll
mime:
disable:
accept:
header:
userAgents:
...
我尝试了多种变体,如
'/': 'permitAll'
/: 'permitAll'
但是每次我打开localhost:8080/我都会被提示登录 YML中新的Spring安全配置如下所示:
---
grails:
plugin:
springsecurity:
userLookup.userDomainClassName: 'org...User'
userLookup.authorityJoinClassName: 'org...UserRole'
authority.className: 'org...Role'
controllerAnnotations.staticRules:
- pattern: '/'
access: ['permitAll']
- pattern: '/index'
access: ['permitAll']
- pattern: '/index.gsp'
access: ['permitAll']
- pattern: '/error'
access: ['permitAll']
- pattern: '/user/denied'
access: ['permitAll']
- pattern: '/assets/**'
access: ['permitAll']
- pattern: '/**/js/**'
access: ['permitAll']
- pattern: '/**/css/**'
access: ['permitAll']
- pattern: '/**/images/**'
access: ['permitAll']
- pattern: '/**/favicon.ico'
access: ['permitAll']
出于测试目的(确保此配置工作),允许所有静态规则之上的所有规则,但请确保稍后删除它:
- pattern: '/**'
access: ['permitAll']
您需要定义
grails.plugin.springsecurity.controllernotations.staticRules