我正在使用Grails开发一个Web应用程序,并且正在尝试使用管理界面插件。出于测试目的,我使用以下代码行从 BootStrap.groovy 创建了一个管理员用户:
def init = { servletContext ->
def adminUser = User.findByUsername("episo_admin_root")
if(!adminUser){
print "Creating admin user... "
adminUser = new User(username: username, emailAddress: emailAddress, password: password, birthDate: new Date(1, 1, 1),
sex: Sex.AGENDER, enabled: true, accountConfirmed: true, accountCreationDate: new Date())
adminUser.save(flush: true, failOnError: true)
def auth = adminUser.addAuthority(Roles.ROLE_ADMIN)
auth.save(flush: true, failOnError: true)
}
}
我还添加了以下语句来检查用户是否正在获取角色:
if(adminUser.authorities.any { it.authority == Roles.ROLE_ADMIN }) println "Admin role added."
此检查通过,并且"已添加管理员角色"将打印到控制台。 以下是我对 Spring 安全性的配置:
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/home': ['permitAll'],
'/home.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
...
...
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/admin/**': ['ROLE_ADMIN']
]
这是我对管理界面插件的配置:
grails.plugin.admin.accessRoot = "/admin"
grails.plugin.admin.domains."Users" = [ "mypackage.User" ]
grails.plugin.admin.domains."My Groups" = [ "mypackage.Group" ]
grails.plugin.admin.domains."Security Groups" = [ 'mypackage.Authority', 'mypackage.UserAuthority' ]
grails.plugin.springsecurity.active = true
grails.plugin.springsecurity.useBasicAuth = true
grails.plugin.admin.security.role = "ROLE_ADMIN"
但是,当我以新的管理员用户身份登录并导航到"/admin"时,我收到 Apache Tomcat"HTTP 状态 403 - 访问被拒绝"页面,并且以下调试信息将记录到控制台:
Secure object: FilterInvocation: URL: /admin; Attributes: [ROLE_ADMIN]
Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5ff53bc5: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d7469d37: Username: [PROTECTED]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_NO_ROLES; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: [PROTECTED]; SessionId: null; Granted Authorities: ROLE_NO_ROLES
如果您在该调试信息上横向滚动,您将看到 Spring 安全性看到"授予的权限"ROLE_NO_ROLES.
我在向用户添加角色时是否做错了什么?为什么 Spring 安全看不到我已授予此用户ROLE_ADMIN?
我花了几个小时试图调试它,但我无法理解我的代码出了什么问题。
我想通了;我从配置文件中删除了以下行,解决了我的问题:
grails.plugin.springsecurity.useRoleGroups = true