Static security mapping with Spring Security Core on Grails 2.4.3

When using spring-security-core (2.0-RC4), I'm running into problems with the static security mapping.

'/app/client/**':                  ['IS_AUTHENTICATED_FULLY'],
'/app/items/**':                   ['permitAll'],

and this configuration (even after switching the true/false values)

grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false

When I try to access

/app/items/Books

I get a 403/500 (depending on the configuration parameters). The only way I can access it is when both configuration properties are false, so I end up with the optimistic approach I intended to avoid.

Is there something wrong with the pattern? Could someone shed some light on what happens under the hood?

Thanks

Update:

grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.moviesxd.api.domain.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.rest.token.validation.enableAnonymousAccess = true
//Workaround for weird responses when using a bearer token
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/security/login'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/security/logout'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'

Update:

'/':                                ['permitAll'],
'/index':                           ['permitAll'],
'/index.gsp':                       ['permitAll'],
'/assets/**':                       ['permitAll'],
'/**/js/**':                        ['permitAll'],
'/**/css/**':                       ['permitAll'],
'/**/images/**':                    ['permitAll'],
'/**/favicon.ico':                  ['permitAll'],

Since you are using the property rejectIfNoRule set to true, you are unknowingly blocking access to the root URL, i.e. /. So allow it by modifying the rules like this:

'/':                               ['permitAll'],
'/index':                          ['permitAll'],
'/index.gsp':                      ['permitAll'],
'/app/client/**':                  ['IS_AUTHENTICATED_FULLY'],
'/app/items/**':                   ['permitAll']

Read here for more information.
Hope this helps!

Thanks
SA
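To see why the root URL ends up blocked, here is an added example (not the plugin's code, and not part of the question or answer) that evaluates the question's interceptUrlMap entries against request paths with Ant-style matching. It assumes rules are tried in order with the first match deciding, which is a simplification of the plugin's matcher; the point it shows is that rejectIfNoRule = true is deny-by-default, so any path without a rule, including /, is refused until a rule covers it.

```python
import re

# Constructed rule lists, in the order a Groovy interceptUrlMap keeps them.
ORIGINAL_RULES = [
    ('/app/client/**', ['IS_AUTHENTICATED_FULLY']),
    ('/app/items/**',  ['permitAll']),
]
FIXED_RULES = [
    ('/',          ['permitAll']),
    ('/index',     ['permitAll']),
    ('/index.gsp', ['permitAll']),
] + ORIGINAL_RULES


def ant_to_regex(pattern):
    """Translate an Ant-style path pattern into an anchored regex.

    '**' matches across path segments, '*' within one segment, '?' one char;
    a trailing '/**' also matches the bare parent path ('/app/items').
    """
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith('/**', i):
            out.append('(?:/.*)?'); i += 3
        elif pattern.startswith('**', i):
            out.append('.*'); i += 2
        elif pattern[i] == '*':
            out.append('[^/]*'); i += 1
        elif pattern[i] == '?':
            out.append('[^/]'); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile('^' + ''.join(out) + '$')


def decide(path, rules, reject_if_no_rule, authenticated=False):
    """Return (allowed, reason) for a request path (first matching rule wins)."""
    for pattern, attrs in rules:
        if ant_to_regex(pattern).match(path):
            if 'permitAll' in attrs:
                return True, f'matched {pattern!r}: permitAll'
            if 'IS_AUTHENTICATED_FULLY' in attrs and authenticated:
                return True, f'matched {pattern!r}: authenticated'
            return False, f'matched {pattern!r}: requires {attrs}'
    # No rule covers this path: rejectIfNoRule decides the default.
    if reject_if_no_rule:
        return False, 'no rule matched and rejectIfNoRule = true (deny by default)'
    return True, 'no rule matched and rejectIfNoRule = false (permissive)'


if __name__ == '__main__':
    for p in ('/', '/app/items/Books', '/app/client/orders', '/app/admin'):
        print(p, decide(p, ORIGINAL_RULES, True), decide(p, FIXED_RULES, True))
```

With the original rules, / is denied only because nothing matches it; with rejectIfNoRule = false it is allowed for the same reason, which is the permissive behaviour the question wants to avoid, and /app/admin would be allowed too.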
