堆栈内存溢出
  简体   繁体   English

使用grails spring安全核心插件保护URL映射

[英]Securing URL mapping with grails spring security core plugin

 原文  2012-03-13 08:28:22       security/ grails/ plugins/ spring-security

问题描述

Just what the title says, I am trying to secure pages using Spring's security core. 正如标题所说的那样,我正在尝试使用Spring的安全核心保护页面。 Consider the following URL mapping (suppose that home.gsp , page1.gsp , and page2.gsp exists) : 考虑以下URL映射(假设home.gsppage1.gsppage2.gsp存在): 

"/"(view:'/home')
"/page1"(view:'/page1')
"/page2"(view:'/page2')

Now, consider the following settings inside the Config.groovy : 现在,请考虑Config.groovy的以下设置: 

grails.plugin.springsecurity.interceptUrlMap = [
    '/': ['IS_AUTHENTICATED_ANONYMOUSLY'],   
    '/**': ['IS_AUTHENTICATED_FULLY']        
]

If I understand correctly, I should be able to access home without any security and I should be directed to the login page when I try to access /page1 or /page2 . 如果我理解正确,我应该能够在没有任何安全性的情况下访问家庭,当我尝试访问/page1/page2时,我应该被引导到登录页面。 Unfortunately, this doesn't seem to be the case. 不幸的是,情况似乎并非如此。 I can still access page1 and page2 directly (eg http://localhost:8080/MyGrailsProject/page1 ). 我仍然可以直接访问page1和page2(例如http:// localhost:8080 / MyGrailsProject / page1 )。

However, if I try and use @Secured annotations through a controller's actions, the security kicks in (ie the request is redirected to the login page). 但是,如果我尝试通过控制器的操作使用@Secured注释,安全性就会启动(即请求被重定向到登录页面)。 What seems to be the problem with my configuration? 我的配置似乎有什么问题? How do I secure URL maps? 如何保护URL地图?

3 个解决方案

解决方案1
 2 已采纳  2013-01-18 17:11:39

You have: 你有: 

grails.plugin.springsecurity.interceptUrlMap

It should be 它应该是 

grails.plugins.springsecurity.interceptUrlMap

Note the s on plugins. 注意插件上的s。

解决方案2
 1  2013-01-18 16:59:39

顺序很重要,你应该在顶部interceptUrlMap中拥有最严格的一个。

解决方案3
 1  2012-03-13 08:36:14

It's default approach, to use annotations. 这是默认方法,使用注释。 But if you prefer to use url map, you have to set up: 但是如果你更喜欢使用url map,你必须设置: 

grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"

See docs: http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/single.html#5.2%20Simple%20Map%20in%20Config.groovy 请参阅文档: http//grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/single.html#5.2%20Simple%20Map%20in%20Config.groovy

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Spring Security保护对插件URL的访问 - Securing access to plugin URL with spring security Spring Security:保护URL和参数 - Spring Security: Securing URL and Parameters Grails Spring核心安全插件 - 无法解析类 - Grails Spring Core Security Plugin - Unable to Resolve Classes 使用spring-security-core-ldap插件在grails中实现LDAP身份验证? - Implementing LDAP authentication in grails with spring-security-core-ldap plugin? Grails spring-security-core插件问题:User类中的密码不是字符串 - Grails spring-security-core plugin question: password in User class isn't String Grails,从 Acegi 升级到 Spring 安全插件 - Grails, upgrading from Acegi to Spring security plugin 集成测试grails spring安全插件? - Integration testing grails spring security plugin? Grails Spring安全性插件密码问题 - Grails Spring Security Plugin Password issue Grails:Spring Security插件对简单安全性是否功能强大 - Grails: Is the Spring Security Plugin Too Powerful for Simple Security Spring Security-拦截URL模式映射 - Spring security - intercept-url pattern mapping
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM