When using spring-security-core (2.0-RC4), I ran into problems with the static security mapping.
'/app/client/**': ['IS_AUTHENTICATED_FULLY'],
'/app/items/**': ['permitAll'],
and this configuration (even switching the true/false values)
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
when I try to access
/app/items/Books
I get a 403/500 (depending on the configuration parameters). The only way I can access it is when both configuration properties are false, so I end up with the optimistic approach I intended to avoid.
Is there something wrong with the patterns? Can someone shed some light on what happens under the hood?
Thanks
Update:
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.moviesxd.api.domain.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.rest.token.validation.enableAnonymousAccess = true
//Workaround for weird responses when using a bearer token
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/security/login'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/security/logout'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
Update:
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
Since you are using the property rejectIfNoRule set to true,
you are unknowingly blocking access to the root url, i.e. /. So allow it by modifying the rules like this:
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/app/client/**': ['IS_AUTHENTICATED_FULLY'],
'/app/items/**': ['permitAll']
Read here for more information.
Hope this helps!
Thanks
南非
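The following is an added example, not code from the question, the answer, or the Grails Spring Security plugin. It simulates how a static interceptUrlMap is consulted so the effect of rejectIfNoRule can be seen on the exact rules posted above: a request whose path matches no pattern is denied when rejectIfNoRule is true and permitted when it is false, while /app/items/Books matches '/app/items/**' and is permitted either way. The simulation assumes first-match-wins evaluation in list order (an assumption about ordering, not something the page states), reports the decision as a reason string rather than an HTTP status, and does not model the REST plugin's token filter or the exception translation that can turn a denial for an anonymous user into a 401 or a login redirect.

```python
import re

# Constructed simulation of a Grails Spring Security static interceptUrlMap.
# NOT the plugin's code: Ant-style patterns are tried in list order (first
# match wins is an assumption), and the result is a reason string instead of
# the HTTP status the real filter chain would send.

ANONYMOUS = frozenset({"ROLE_ANONYMOUS"})  # what an unauthenticated request holds


def ant_to_regex(pattern):
    """Translate an Ant-style URL pattern into an anchored regular expression."""
    out = "^"
    i = 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out += "(?:/.*)?"      # trailing /** also matches the directory itself
            i += 3
        elif pattern.startswith("/**/", i):
            out += "/(?:.*/)?"     # zero or more intermediate directories
            i += 4
        elif pattern.startswith("**", i):
            out += ".*"
            i += 2
        elif pattern[i] == "*":
            out += "[^/]*"         # wildcard within a single path segment
            i += 1
        elif pattern[i] == "?":
            out += "[^/]"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return out + "$"


def ant_match(pattern, path):
    return re.match(ant_to_regex(pattern), path) is not None


def decide(rules, reject_if_no_rule, path, authorities):
    """Return 'permit' or a 'deny:<reason>' string for one request.

    rules: list of (ant_pattern, [config attributes]) in evaluation order.
    authorities: frozenset of granted authorities; ANONYMOUS if not logged in.
    """
    for pattern, attrs in rules:
        if not ant_match(pattern, path):
            continue
        if "permitAll" in attrs:
            return "permit"
        if "denyAll" in attrs:
            return "deny:denyAll"
        if "IS_AUTHENTICATED_FULLY" in attrs:
            return "permit" if authorities != ANONYMOUS else "deny:not-authenticated"
        if any(attr in authorities for attr in attrs):
            return "permit"
        return "deny:not-authenticated" if authorities == ANONYMOUS else "deny:missing-role"
    # No pattern matched: this is the only place rejectIfNoRule is consulted.
    return "deny:no-rule" if reject_if_no_rule else "permit"


# The two rules from the question, then the answer's fix prepended to them.
ORIGINAL_RULES = [
    ("/app/client/**", ["IS_AUTHENTICATED_FULLY"]),
    ("/app/items/**", ["permitAll"]),
]
FIXED_RULES = [
    ("/", ["permitAll"]),
    ("/index", ["permitAll"]),
    ("/index.gsp", ["permitAll"]),
] + ORIGINAL_RULES


def demo():
    """Decisions for the paths discussed in the thread (constructed requests)."""
    return {
        "root, original map, rejectIfNoRule=true": decide(ORIGINAL_RULES, True, "/", ANONYMOUS),
        "root, original map, rejectIfNoRule=false": decide(ORIGINAL_RULES, False, "/", ANONYMOUS),
        "root, fixed map, rejectIfNoRule=true": decide(FIXED_RULES, True, "/", ANONYMOUS),
        "items, original map, anonymous": decide(ORIGINAL_RULES, True, "/app/items/Books", ANONYMOUS),
        "client, original map, anonymous": decide(ORIGINAL_RULES, True, "/app/client/1", ANONYMOUS),
        "client, original map, ROLE_USER": decide(ORIGINAL_RULES, True, "/app/client/1", frozenset({"ROLE_USER"})),
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:44s} {outcome}")
```

Running it shows that '/' is the only path in the thread that changes outcome with rejectIfNoRule, which is the answer's point; a path that still fails after the fix must be failing in a part of the chain this simulation does not model, such as the REST token validation filter configured in the first update.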