我正在使用Grails开发Web应用程序,并且正在尝试使用Admin Interface Plugin。为了进行测试,我使用以下代码行从BootStrap.groovy创建了一个管理员用户:
def init = { servletContext ->
def adminUser = User.findByUsername("episo_admin_root")
if(!adminUser){
print "Creating admin user... "
adminUser = new User(username: username, emailAddress: emailAddress, password: password, birthDate: new Date(1, 1, 1),
sex: Sex.AGENDER, enabled: true, accountConfirmed: true, accountCreationDate: new Date())
adminUser.save(flush: true, failOnError: true)
def auth = adminUser.addAuthority(Roles.ROLE_ADMIN)
auth.save(flush: true, failOnError: true)
}
}
我还添加了以下语句来检查用户是否获得了该角色:
if(adminUser.authorities.any { it.authority == Roles.ROLE_ADMIN }) println "Admin role added."
此检查通过,并且“添加了管理员角色”。打印到控制台。
这是我对Spring Security的配置:
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/home': ['permitAll'],
'/home.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
...
...
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/admin/**': ['ROLE_ADMIN']
]
这是我对管理界面插件的配置:
grails.plugin.admin.accessRoot = "/admin"
grails.plugin.admin.domains."Users" = [ "mypackage.User" ]
grails.plugin.admin.domains."My Groups" = [ "mypackage.Group" ]
grails.plugin.admin.domains."Security Groups" = [ 'mypackage.Authority', 'mypackage.UserAuthority' ]
grails.plugin.springsecurity.active = true
grails.plugin.springsecurity.useBasicAuth = true
grails.plugin.admin.security.role = "ROLE_ADMIN"
但是,当我以新的管理员用户身份登录并导航到“/ admin”时,我得到了Apache Tomcat的“HTTP状态403-访问被拒绝”页面,并且以下调试信息记录到了控制台:
Secure object: FilterInvocation: URL: /admin; Attributes: [ROLE_ADMIN]
Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5ff53bc5: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d7469d37: Username: [PROTECTED]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_NO_ROLES; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: [PROTECTED]; SessionId: null; Granted Authorities: ROLE_NO_ROLES
如果您在该调试信息上横向滚动,则会看到Spring Security将“授权机构”视为
ROLE_NO_ROLES
。向用户添加角色时,我做错什么了吗?为什么Spring Security无法看到我已授予该用户
ROLE_ADMIN
?我花了几个小时尝试调试它,但我不明白我的代码有什么问题。
最佳答案
我想到了;我从配置文件中删除了以下行,这解决了我的问题:
grails.plugin.springsecurity.useRoleGroups = true