当我将grails项目升级到v3时,遇到了很多问题,例如安全性插件问题。
application.groovy如下
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.watlms.AppUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.watlms.AppUserAppRole'
grails.plugin.springsecurity.authority.className = 'com.watlms.AppRole'
grails.plugin.springsecurity.requestMap.className = 'com.watlms.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
println grails.plugin.springsecurity.securityConfigType
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations= false
引导如下:
class BootStrap {
def init = { servletContext ->
def userRole = new AppRole(authority: 'ROLE_USER').save()
def testUser = new AppUser(username: 'bill', password: 'bill').save()
def testUser2 = new AppUser(username: 'me', password: 'me').save()
AppUserAppRole.create testUser, userRole
AppUserAppRole.create testUser2, userRole
AppUserAppRole.withSession {
it.flush()
it.clear()
}
for (String url in [
'/', '/error', '/index', '/index.gsp', '/**/favicon.ico', '/shutdown',
'/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
'/login', '/login.*', '/login/*',
'/logout', '/logout.*', '/logout/*']) {
new Requestmap(url: url, configAttribute: 'permitAll').save()
}
new Requestmap(url: '/', configAttribute: 'ROLE_USER').save()
new Requestmap(url: '/*', configAttribute: 'ROLE_USER').save()
new Requestmap(url: '/test/**', configAttribute: 'ROLE_USER').save()
}
def destroy = {
}
}
登录后,我无权打开Requestmap中设置的任何URL。
2017-05-24 14:31:51.051 DEBUG --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbe6c400: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d98: Username: me; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 29A241F597CE1A095B91953EA5529E8B; Granted Authorities: ROLE_USER
2017-05-24 14:31:51.051 DEBUG --- [nio-8080-exec-2] o.s.s.a.h.RoleHierarchyImpl : getReachableGrantedAuthorities() - From the roles [ROLE_USER] one can reach [ROLE_USER] in zero or more steps.
2017-05-24 14:31:51.052 DEBUG --- [nio-8080-exec-2] tContextHolderExceptionTranslationFilter : Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AbstractAccessDecisionManager.checkAllowIfAllAbstainDecisions(AbstractAccessDecisionManager.java:70)
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.groovy:50)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
最佳答案
最后,我找出了此问题的根本原因。
根据日志,很明显,安全内核无法读取由 bootstrap 初始化的requestmap数据,因为该步骤是在 bootstrap 运行之前...
我添加了一个“springSecurityService.clearCachedRequestmaps();”在 bootstrap 的末尾重新加载requestmap缓存,现在效果很好...