由于重定向循环，Grails Spring安全性无法显示登录页面 [英] Grails spring security fails to present the login page due to a redirect loop

问题描述

我将当前的spring安全性插件升级为
$ b

• spring-security-core-2.0-RC2


• spring-security-ui-1.0-RC1

问题

，我发现我的登录屏幕不再显示。在Chrome中，它表示此页面有一个重定向循环

解决问题的步骤

因此，我试图创建一个名为Test的全新应用程序来尝试隔离问题。

首先，我安装了安全性和security-ui插件，在 BuildConfig.groovy 中添加以下条目：

  compile：spring -security-core：2.0-RC2
 compile：spring-security-ui：1.0-RC1
  

其次我运行了quick start命令，如下所示：

$ p $ grac s2-quickstart安全人员权限请求映射

，它在名为security：Authority.groovy，Person.groovy，PersonAuthority的包下创建了4个域对象。 groovy和Requestmap.groovy

以及将以下内容添加到 Config.groovy

  //由Spring Sec添加urity Core插件：
 grails.plugin.springsecurity.userLookup.userDomainClassName ='security.Person'
 grails.plugin.springsecurity.userLookup.authorityJoinClassName ='security.PersonAuthority'
 grails.plugin。 springsecurity.authority.className ='security.Authority'
 grails.plugin.springsecurity.requestMap.className ='security.Requestmap'
 grails.plugin.springsecurity.securityConfigType ='Requestmap'
 grails .plugin.springsecurity.controllerAnnotations.staticRules = [
'/'：['permitAll']，
'/ index'：['permitAll']，
'/index.gsp'： ['permitAll']，
'/ ** / js / **'：['permitAll']，
'/ ** / css / **'：['permitAll']，
'/ ** / images / **'：['permitAll']，
'/**/favicon.ico'：['permitAll'] 
] 
  

最后，我通过执行 grails run-app 命令来运行应用程序，我期望登录页面（ auth。 gsp ）现在不再是你的代码的一部分，而是插件（按设计）返回

  C \myPathToGrails\.grails\2.2.2\projects\Test\plugins\spring-security-core-2.0-RC2\grails-app\views\login\auth.gsp 
  

但是我收到一个空白页面，指出此页面有重定向循环。

我还添加了下列staticRules，清理应用程序，并重新运行它以查看它是否可以解决问题，但重定向消息仍然存在。

 '/ login / **'：['permitAll']，
'/ login / auth / **'：['permitAll']， 
'/login.gsp'：['permitAll'] 
  

任何人都有任何想法怎么样为了解决这个问题？

在此先感谢您。 '使用 Requestmap 作为安全配置类型，您的 controllerAnnotations.staticRules 没有任何作用。

您需要在 RequestMap 表中配置规则，并使您的登录控制器和公共网页匿名访问，而无需登录：

  new Requestmap（url：'/ *'，configAttribute：'IS_AUTHENTICATED_ANONYMOUSLY'）。save（）; 
 new Requestmap（url：'/ logout / **'，configAttribute：'IS_AUTHENTICATED_REMEMBERED，IS_AUTHENTICATED_FULLY'）。save（）; 
 new Requestmap（url：'/ login / **'，configAttribute：'IS_AUTHENTICATED_ANONYMOUSLY'）。save（）
新的请求地图（url：'/ index / **'，configAttribute：'IS_AUTHENTICATED_ANONYMOUSLY'） 。保存（）; 
  

I have upgraded my current spring security plugins to

• spring-security-core-2.0-RC2
• spring-security-ui-1.0-RC1

PROBLEM

and I noticed that my login screen no longer shows up. In Chrome it says This page has a redirect loop

STEPS TO RECREATE THE PROBLEM

So I have tried to create a brand new application called Test to try to isolate the problem.

First, I installed the security and security-ui plugins by adding the following entries in the BuildConfig.groovy:

compile ":spring-security-core:2.0-RC2"    
compile ":spring-security-ui:1.0-RC1"

Second I ran the quick start command as follows:

grails s2-quickstart security Person Authority Requestmap

and it created 4 domain objects as follows under a package called security: Authority.groovy, Person.groovy, PersonAuthority.groovy and Requestmap.groovy

as well as added the following to my Config.groovy

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'security.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'security.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'security.Authority'
grails.plugin.springsecurity.requestMap.className = 'security.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/favicon.ico':                ['permitAll']
]

Finally, I have run the app by doing a grails run-app command where I would expect the login page (auth.gsp) that now is no longer part of your code but of the plugin (by design) to be returned

C\myPathToGrails\.grails\2.2.2\projects\Test\plugins\spring-security-core-2.0-RC2\grails-app\views\login\auth.gsp

but instead I get a blank page stating that this page has a redirect loop.

I have also added the following staticRules, cleaning the app, and re-running it again to see if it would fix the problem but the redirect message still ocurred.

'/login/**':                      ['permitAll'],
'/login/auth/**':                 ['permitAll'],
'/login.gsp':                     ['permitAll']

Anybody has any idea of how to get around this?

Thanks in advance.

解决方案

You're using Requestmap as security config type, your controllerAnnotations.staticRules does not have any effect.

You need configure rules in RequestMap table, and enable your login controller and public pages to anonymous can access without login like:

    new Requestmap(url: '/*', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
    new Requestmap(url: '/logout/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,IS_AUTHENTICATED_FULLY').save();
    new Requestmap(url: '/login/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save()
    new Requestmap(url: '/index/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();

这篇关于由于重定向循环，Grails Spring安全性无法显示登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！