问题描述
嗨在我的grails应用程序中,我使用了spring security在我的一个查看页面(GSP)
i中做了一个ajax调用,其中一个控制器
,但是请求被拒绝,并且我最终在Login控制器中的ajaxDenied()'动作中。
这里是我的ajax调用 p>
函数setTagged(id)
{
alert(id);
$ .ajax({
url:./email/setTagged,
type:post,
// data:{ids:JSON.stringify(idList),option:option,id:id}
success:function(data){
alert(data); //< -----这会在浏览器控制台中记录数据
},
error:function( xhr){
alert(xhr.responseText); //< ----当没有数据提示err msg
}
});
alert(here 1 );
}
这里是我的config.groovy部分,spring安全插件允许页面是
accesible
//由Spring Security Core插件添加:
grails.plugin.springsecurity.userLookup.userDomainClassName ='com.spi.User'
grails。 plugin.springsecurity.userLookup.authorityJoinClassName ='com.spi.UserRole'
grails.plugin.springsecurity.authority.className ='com.spi.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/':['permitAll'],
'/ index':['permitAll'],
'/ login / *':['permitAll'] ,
'/ home / *':['permitAll'],
'/ logout / *':['permitAll'],
$ b'b'/ message / *': ['permitAll'],
'/ ticket / *':['permitAll'],
'/ email / *':['permitAll'],
'/ role / *' :['permitAll'],
/ user / *':['permitAll'],
$ b'b'/index.gsp':['permitAll'],
'/ ** / js / ** ':['permitAll'],
'/ ** / css / **':['permitAll'],
'/ ** / images / **':['permitAll'],
'/**/favicon.ico':['permitAll']]
任何建议我怎样才能通过ajax调用从我自己的控制器调用任何动作???
你的spring的版本是什么 - 安全性插件?
我不知道这是否是问题,但2.0版默认情况下更安全并使用悲观锁定(和)。
您是否为自己的行为定义了@secured注释?
hi In my grails application I am using spring security
in one of my view page (GSP)i am making an ajax call to an action in one of the controllerbut the request is denied and i end up in the "ajaxDenied()' action in Login controller
here is my ajax call
function setTagged(id)
{
alert(id);
$.ajax({
url: "./email/setTagged",
type:"post",
// data:{ids:JSON.stringify(idList), option:option, id:id}
success: function(data) {
alert(data); //<-----this logs the data in browser's console
},
error: function(xhr){
alert(xhr.responseText); //<----when no data alert the err msg
}
});
alert("here 1");
}
here is my config.groovy part where spring security plugin allows which pages to beaccesible
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.spi.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.spi.UserRole'
grails.plugin.springsecurity.authority.className = 'com.spi.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/login/*': ['permitAll'],
'/home/*': ['permitAll'],
'/logout/*': ['permitAll'],
'/message/*': ['permitAll'],
'/ticket/*': ['permitAll'],
'/email/*': ['permitAll'],
'/role/*': ['permitAll'],
'/user/*': ['permitAll'],
'/index.gsp': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']]
any suggestion how can i call any action from my own controllers via an ajax call ???
What is the version of your spring-security plugin ?
I don't know if it is the problem, but the version 2.0 is more aggressively secure by default and use the pessimistic lockdown (What's New and Pessimistic Lockdown).
Did you define the @secured annotation for your action ?
这篇关于ajax在Spring Security中拒绝了这个请求,Grails的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!