仅允许具有USER_ROLE权限的用户访问

Question

我收到以下错误

Class
org.springframework.expression.spel.SpelEvaluationException
Message
EL1008E:(pos 0): Field or property 'ADMIN_ROLE' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'

我正在尝试访问My.GSP视图,我登录为 USER_ROLE

-

import org.springframework.dao.DataIntegrityViolationException
import grails.plugin.springsecurity.annotation.Secured

class MyController {

    static allowedMethods = [save: "POST", update: "POST", delete: "POST"]

    @Secured(['ADMIN_ROLE','USER_ROLE'])
    def index() {
        redirect(action: "list", params: params)
    }
    @Secured(['USER_ROLE'])
    def list(Integer max) {
        params.max = Math.min(max ?: 10, 100)
        [patientInstanceList: Patient.list(params), patientInstanceTotal: Patient.count()]
    }
    @Secured(['USER_ROLE'])
    def create() {
        [patientInstance: new Patient(params)]
    }
    @Secured(['USER_ROLE'])
    def save() {
        def patientInstance = new Patient(params)
        if (!patientInstance.save(flush: true)) {
            render(view: "create", model: [patientInstance: patientInstance])
            return
        }

        flash.message = message(code: 'default.created.message', args: [message(code: 'patient.label', default: 'Patient'), patientInstance.id])
        redirect(action: "show", id: patientInstance.id)
    }

D B

Answer 1

使用Grails中弹出安全性插件的默认设置,角色名称必须以前缀开头"ROLE_",因此请重命名ADMIN_ROLE为to ROLE_ADMIN和USER_ROLEto ROLE_USER.

此论坛帖子解释了默认情况下它的工作原理,以及如何根据需要对其进行不同的配置.