[英]grails spring security core plugin not working
I am trying to spring security plugin 3.2.1 for grails 3.3.5. 我正在尝试将grails 3.3.5的spring安全插件3.2.1。
Below is my static rules in application groovy 以下是我在应用程序常规中的静态规则
[pattern: '/error', access: ['permitAll']],
[pattern: '/index', access: ['permitAll']],
[pattern: '/index.gsp', access: ['permitAll']],
[pattern: '/shutdown', access: ['permitAll']],
[pattern: '/assets/**', access: ['permitAll']],
[pattern: '/fonts/**', access: ['permitAll']],
[pattern: '/**/js/**', access: ['permitAll']],
[pattern: '/**/css/**', access: ['permitAll']],
[pattern: '/**/images/**', access: ['permitAll']],
[pattern: '/**/favicon.ico', access: ['permitAll']],
[pattern: '/user/**', access: 'ROLE_USER'],
[pattern: '/admin/**', access:['ROLE_ADMIN','isFullyAuthenticated()']],
[pattern: '/inputParam/chipInput/', access: 'isAuthenticated()',httpMethod: 'PUT']
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none']
but it still allows user and /inputParam/chipInput/ page without login . 但它仍然允许用户和/ inputParam / chipInput /页面无需登录。 I have secured annotations @Secured('ROLE_USER') already in both the controllers.
我已经在两个控制器中都有安全的批注@Secured('ROLE_USER')。 What am I doing wrong?
我究竟做错了什么?
It seems to me that the pattern may not be correct and/or the access expression is incorrect. 在我看来,该模式可能不正确和/或访问表达式不正确。 Try changing your rule to:
尝试将规则更改为:
[pattern: '/inputParam/chipInput', access: ["isAuthenticated() and request.getMethod().equals('PUT')"]
See the section on expressions in Grails Spring Security Core docs . 请参阅Grails Spring Security Core文档中有关表达式的部分 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.