Pas*_*cal 5 spring-security grails-3.0
由于某种原因,我的 staticRules 没有被应用。
添加“org.grails.plugins:spring-security-core:3.0.0.M1”插件并执行
grails s2-quickstart com.testapp User Role
成功创建了角色用户和用户角色域。还创建了一个带有一些设置的 application.groovy 文件。
但我正在使用 application.yml 文件来配置我的应用程序。所以我将属性移动到我的 application.yml 并删除了 .groovy 文件。
由于某种原因,未应用 staticRules。可能有语法错误。
---
grails:
plugin:
springsecurity:
userLookup:
userDomainClassName: 'User'
authorityJoinClassName: 'UserRole'
authority:
className: 'Role'
apf:
postOnly: false
password:
algorithm: 'bcrypt'
controllerAnnotations:
staticRules:
/: permitAll
/error: permitAll
/index: permitAll
/index.gsp: permitAll
/shutdown: permitAll
/assets/**: permitAll
/**/js/**: permitAll
/**/css/**: permitAll
/**/images/**: permitAll
/**/favicon.ico: permitAll
mime:
disable:
accept:
header:
userAgents:
...
我尝试了多种变体,例如
'/': 'permitAll'
/: 'permitAll'
但是每次打开 localhost:8080/ 都会提示我登录!
YML 中新的 Spring 安全配置如下所示:
---
grails:
plugin:
springsecurity:
userLookup.userDomainClassName: 'org...User'
userLookup.authorityJoinClassName: 'org...UserRole'
authority.className: 'org...Role'
controllerAnnotations.staticRules:
- pattern: '/'
access: ['permitAll']
- pattern: '/index'
access: ['permitAll']
- pattern: '/index.gsp'
access: ['permitAll']
- pattern: '/error'
access: ['permitAll']
- pattern: '/user/denied'
access: ['permitAll']
- pattern: '/assets/**'
access: ['permitAll']
- pattern: '/**/js/**'
access: ['permitAll']
- pattern: '/**/css/**'
access: ['permitAll']
- pattern: '/**/images/**'
access: ['permitAll']
- pattern: '/**/favicon.ico'
access: ['permitAll']
出于测试目的(以确保此配置有效)在所有静态规则之上允许 all,但请确保稍后将其删除:
- pattern: '/**'
access: ['permitAll']
| 归档时间: |
|
| 查看次数: |
1905 次 |
| 最近记录: |