0
grailsプロジェクトをv3にアップグレードしたとき、セキュリティプラグインの問題などの多くの問題に遭遇しました。次のように次Grails3スプリングセキュリティプラグインリクエストマップモードが動作しない
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.watlms.AppUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.watlms.AppUserAppRole'
grails.plugin.springsecurity.authority.className = 'com.watlms.AppRole'
grails.plugin.springsecurity.requestMap.className = 'com.watlms.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
println grails.plugin.springsecurity.securityConfigType
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations= false
ブートストラップとして
application.groovy:ログイン後
class BootStrap {
def init = { servletContext ->
def userRole = new AppRole(authority: 'ROLE_USER').save()
def testUser = new AppUser(username: 'bill', password: 'bill').save()
def testUser2 = new AppUser(username: 'me', password: 'me').save()
AppUserAppRole.create testUser, userRole
AppUserAppRole.create testUser2, userRole
AppUserAppRole.withSession {
it.flush()
it.clear()
}
for (String url in [
'/', '/error', '/index', '/index.gsp', '/**/favicon.ico', '/shutdown',
'/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
'/login', '/login.*', '/login/*',
'/logout', '/logout.*', '/logout/*']) {
new Requestmap(url: url, configAttribute: 'permitAll').save()
}
new Requestmap(url: '/', configAttribute: 'ROLE_USER').save()
new Requestmap(url: '/*', configAttribute: 'ROLE_USER').save()
new Requestmap(url: '/test/**', configAttribute: 'ROLE_USER').save()
}
def destroy = {
}
}
、私はRequestmapで設定されたURLを開くためにアクセスしていません。
2017-05-24 14:31:51.051 DEBUG --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframew[email protected]bbe6c400: Principal: [email protected]: Username: me; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 29A241F597CE1A095B91953EA5529E8B; Granted Authorities: ROLE_USER
2017-05-24 14:31:51.051 DEBUG --- [nio-8080-exec-2] o.s.s.a.h.RoleHierarchyImpl : getReachableGrantedAuthorities() - From the roles [ROLE_USER] one can reach [ROLE_USER] in zero or more steps.
2017-05-24 14:31:51.052 DEBUG --- [nio-8080-exec-2] tContextHolderExceptionTranslationFilter : Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AbstractAccessDecisionManager.checkAllowIfAllAbstainDecisions(AbstractAccessDecisionManager.java:70)
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.groovy:50)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)