authorisation with Spring Security Grails plugin
I'm using the Spring Security Grails plugin. Because my User and Role classes are not GORM objects, I've replaced the UserDetailsService provided by the plugin with my own implementation:
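
    import org.apache.commons.logging.LogFactory
    import org.springframework.beans.factory.annotation.Autowired
    import org.springframework.security.core.userdetails.UserDetails
    import org.springframework.security.core.userdetails.UserDetailsService

    class CustomUserDetailsService implements UserDetailsService {

        static transactional = false
        private static final log = LogFactory.getLog(this)

        @Autowired
        private UserManager userManager

        @Autowired
        private RoleManager roleManager

        // Called by Spring Security at login; the username is the user's email address
        UserDetails loadUserByUsername(String username) {
            User user = userManager.getUserByEmail(username)
            // UserAdapter exposes the non-GORM User and its roles as UserDetails
            UserDetails userDetails = new UserAdapter(user, roleManager)
            log.debug "user '$username' has roles: ${userDetails.authorities?.authority}"
            userDetails
        }
    }
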
When I log in, I see the following message is logged from CustomUserDetailsService.loadUserByUsername():

    user 'a5511120@nepwk.com' has roles: [USER]

So it seems that the user has been assigned the USER role. However, when I then try and access an action of this controller:

    @Secured(['ROLE_USER', 'ROLE_ADMINISTRATOR'])
    class MyProfileController {
        def someAction = {
            // impl omitted
        }
    }

I get bounced to the access denied page. I'm pretty sure that the user is logged in, because the access denied page contains markup such as

    <sec:ifLoggedIn>
    protected content
    </sec:ifLoggedIn>

and the protected content is displayed. So it seems that somehow the USER role is not associated with the current user, when the controller authorisation is performed. The log message suggests that the UserDetailsService is OK.

The solution is to make sure that the role names in the domain class/database begin with "ROLE_", as per the annotation parameters.

All credit for this answer goes to @BurtBeckwith and @tim_yates, who provided the solution in comments. I'm converting their comments to an answer, as future readers may easily miss their comments.
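
The mismatch described in the answer, as an added example that is not part of the original post: it assumes the role check is the exact string comparison performed by Spring Security's RoleVoter (spring-security-core 3.1+ on the classpath), and toAuthorities() and vote() are hypothetical helpers.

```groovy
// Added example (not from the original post). Assumes spring-security-core 3.1+
// on the classpath; toAuthorities() and vote() are hypothetical helpers.
import org.springframework.security.access.AccessDecisionVoter
import org.springframework.security.access.SecurityConfig
import org.springframework.security.access.vote.RoleVoter
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority

// Map stored role names to authorities, adding the "ROLE_" prefix
// only where the stored name lacks it.
List<GrantedAuthority> toAuthorities(Collection<String> roleNames, String prefix = 'ROLE_') {
    roleNames.collect { String name ->
        String n = name.trim()
        new SimpleGrantedAuthority(n.startsWith(prefix) ? n : prefix + n)
    }
}

// Ask RoleVoter the question that @Secured(['ROLE_USER', 'ROLE_ADMINISTRATOR']) poses.
int vote(Collection<? extends GrantedAuthority> authorities) {
    def auth = new UsernamePasswordAuthenticationToken('a5511120@nepwk.com', 'n/a', authorities)
    def required = SecurityConfig.createList('ROLE_USER', 'ROLE_ADMINISTRATOR')
    new RoleVoter().vote(auth, new Object(), required)
}

// Authority exactly as logged in the question: [USER]. The user is
// authenticated, but 'USER' never equals 'ROLE_USER', so access is denied.
assert vote([new SimpleGrantedAuthority('USER')]) == AccessDecisionVoter.ACCESS_DENIED

// The same stored role, normalised before it reaches Spring Security.
assert vote(toAuthorities(['USER'])) == AccessDecisionVoter.ACCESS_GRANTED

// A name that already carries the prefix is left unchanged.
assert toAuthorities(['ROLE_ADMINISTRATOR'])*.authority == ['ROLE_ADMINISTRATOR']
```

Applying the prefix in one place (the stored role names, or the adapter that builds the authorities) keeps the annotation values and the granted authorities in the same namespace.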