stackoom
  简体   繁体   中英

Grails Spring Security Static Rules

 原文  2014-12-08 05:38:27       spring/ grails/ spring-security

Question

I want all users to be authenticated before accessing my application. Following is the setting in Config.groovy: 

grails.plugin.springsecurity.controllerAnnotations.staticRules=[
    "/**": ["ROLE_ADMIN"],
    "/login/auth": ["permitAll"]
]

The reason I put "/login/auth": ["permitAll"] is that any user can have a chance to log in and be authenticated. However, when I access http://localhost:8080/myapp/ , it redirects to http://localhost:8080/myapp/login/auth and throws the error: The page isn't redirecting properly . Can you please advise what mistake I have committed here?

3 answers

solution1
 4 ACCPTED  2014-12-08 08:12:39

For first you must say to spring security what type of mapping you will be use. 

grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'

For second 'permitAll' changed to 'IS_AUTHENTICATED_ANONYMOUSLY' And for third, if spring security find /** he didn't see another under this line. So your code must be like this: 

grails.plugins.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
grails.plugins.springsecurity.interceptUrlMap = [
"/login/auth": ["permitAll"],
 "/**": ["ROLE_ADMIN"]
]

solution2
 2  2015-04-23 04:24:15

TrongBang and Koloritnij are on the right track. But they're not completely correct in the context of your question. They're suggesting that you switch to a different authentication setup. (Which that will work but it doesn't solve the problem in the context of your setup.)

If you wish to keep the annotations, you're going to have to call out the controller that OAuth uses.

'/springSecurityOAuth/**': ['permitAll']

The plugin maps that controller path, but the static rules still interprets the controller and methods from that. This took some digging for me to find this out. I had your same issue, and I blogged about this (and it includes some of the details about how the Spring Security Oauth plugin works.

http://theexceptioncatcher.com/blog/2015/04/spring-security-oauth-the-missing-instructions/

solution3
 0  2014-12-09 00:45:09

The solution from Koloritnij is correct. However, it threw the following error when using SecurityConfigType.InterceptUrlMap : 

ERROR: the 'securityConfigType' property must be one of
'Annotation', 'Requestmap', or 'InterceptUrlMap' or left unspecified
to default to 'Annotation'; setting value to 'Annotation'

I have changed it to 'InterceptUrlMap' only and it worked: 

grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugins.springsecurity.interceptUrlMap = [
    "/login/auth": ["permitAll"],
    "/**": ["ROLE_ADMIN"]
]

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Grails Spring Security LDAP Grails Spring Security Openid Grails 3 Spring Security Plugin GRAILS Spring Security Plugins Spring security grails plugin Grails Spring Security - security = “none” CSRF Protection with Grails Spring Security Grails Spring Security plugin and dbconsole Grails and Spring Security CAS plugin grails spring security rest plugin
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM