Using Spring Security and Requestmap fails in Grails


Problem description


I am new to Grails. I started a new project from scratch and added Spring Security Core as authentication and authorisation (I am using GGTS as a tool). My problem is that if I start using Requestmap, it does not work at all, even if I am using the instructions I have found all around the net. Here are my configurations.

BuildConfig.groovy:

    compile ':spring-security-core:2.0-RC4'
    


Command I used to create default objects:

    s2-quickstart com.company.foobar User Privilege Requestmap
    


Config.groovy:

    grails.plugin.springsecurity.rejectIfNoRule = true
    grails.plugin.springsecurity.fii.rejectPublicInvocations = false
    
    grails.plugin.springsecurity.logout.postOnly = false
    
    // Added by the Spring Security Core plugin:
    grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.company.foobar.User'
    grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.company.foobar.UserPrivilege'
    grails.plugin.springsecurity.authority.className = 'com.company.foobar.Privilege'
    grails.plugin.springsecurity.requestMap.className = 'com.company.foobar.Requestmap'
    grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.Requestmap
    
    //**** I have tried both above and below (below is default one).
    
    grails.plugin.springsecurity.securityConfigType = 'Requestmap'
    


BootStrap.groovy:

    for (String url in [
        '/', '/index', '/index.gsp', '/**/favicon.ico',
        '/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
        '/login', '/login.*', '/login/**',
        '/logout', '/logout.*', '/logout/**']) {
        new Requestmap(url: url, configAttribute: 'ROLE_ANONYMOUS').save()
    }
    
    // I have tried both these (above and below)
    // I have tried configuration attribute as
    // IS_AUTHENTICATED_ANONYMOUSLY, permitAll
    // and ROLE_ANONYMOUS (and few others too)
    
    new Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
    new Requestmap(url: '/logout/**', configAttribute: 'ROLE_ANONYMOUS').save();
    new Requestmap(url: '/login/**', configAttribute: 'ROLE_ANONYMOUS').save()
    new Requestmap(url: '/index/**', configAttribute: 'ROLE_ANONYMOUS').save();
    

Note: DB gets populated correctly.

Thing is that DB gets populated correctly, but I get these errors:

    hierarchicalroles.RoleHierarchyImpl setHierarchy() - The following role hierarchy was set: 
    intercept.FilterSecurityInterceptor Validated configuration attributes
    web.DefaultSecurityFilterChain Creating filter chain: Ant [pattern='/**'], [org.springframework.security.web.context.SecurityContextPersistenceFilter@7f4446e0, grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter@5b895d66, grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter@1753027d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4ac86881, grails.plugin.springsecurity.web.filter.GrailsRememberMeAuthenticationFilter@2b451382, grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter@4403d1ff, org.springframework.security.web.access.ExceptionTranslationFilter@56cfdf3b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6948c703]
    |Server running. Browse to http://localhost:8080/foobar
    ....matcher.AntPathRequestMatcher Request '/index.gsp' matched by universal pattern '/**'
    web.FilterChainProxy /index.gsp at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    context.HttpSessionSecurityContextRepository No HttpSession currently exists
    context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
    web.FilterChainProxy /index.gsp at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
    web.FilterChainProxy /index.gsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
    web.FilterChainProxy /index.gsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    web.FilterChainProxy /index.gsp at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
    web.FilterChainProxy /index.gsp at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
    web.FilterChainProxy /index.gsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    web.FilterChainProxy /index.gsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /index.gsp; Attributes: [_DENY_]
    intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4337e: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
    hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
    access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
    org.springframework.security.access.AccessDeniedException: Access is denied
        at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:47)
        at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
        at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
        at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
    savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/foobar/]
    access.ExceptionTranslationFilter Calling Authentication entry point.
    web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
    

After this I get a looping error from the browser (it tries and tries the login/auth page, getting the same answer all the time). I have checked answers on Stack Overflow, but my configs are like in those answers, and it still ain't helping.

I have checked this, it's not helping me: "Grails spring security fails to present the login page due to a redirect loop" (I have configuration like in the answer above).

What works

If I take out the request map and use static definitions in Config.groovy, everything works like a charm, but I need to use the DB for configuration (to go further from there).

Solution

Seems to be an issue related to the hibernate4 plugin.

Using Grails 2.5 the hibernate-plugin installed by default (BuildConfig.groovy) is:

    runtime ":hibernate4:4.3.8.1" // or ":hibernate:3.6.10.18"
    

This is obviously not working for securityConfigType = 'Requestmap'.
So I tried ...

• 4.3.8.2-SNAPSHOT: same problem.
• 4.3.6.1: same problem.
• 4.3.5.4: seems to work well

Maybe it is an option for you to downgrade your hibernate4 plugin:

    runtime ":hibernate4:4.3.5.4"
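
For reading the debug log quoted in the question, a small triage script (an added example, not part of the original question or answer). It assumes that `Attributes: [_DENY_]` is what the plugin logs when `rejectIfNoRule = true` and no rule matched the URL; the sample lines are constructed in the log's format, and `triage` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the format of the debug log quoted in the question;
# the /login/auth and /assets lines are invented for the example.
SAMPLE_LOG = """\
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /index.gsp; Attributes: [_DENY_]
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /login/auth; Attributes: [_DENY_]
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /assets/app.css; Attributes: [permitAll]
"""

SECURE_OBJECT = re.compile(
    r"FilterInvocation: URL: (?P<url>[^;\s]+); Attributes: \[(?P<attrs>[^\]]*)\]")
REDIRECT = re.compile(r"DefaultRedirectStrategy Redirecting to '(?P<target>[^']+)'")


def triage(log_text, context_path="/foobar"):
    """Return (urls_denied_for_lack_of_rule, login_redirect_loop)."""
    denied, redirects = [], set()
    for line in log_text.splitlines():
        m = SECURE_OBJECT.search(line)
        if m:
            # Assumption: with rejectIfNoRule = true the plugin substitutes the
            # single attribute _DENY_ when no rule matches the URL.
            url = m.group("url").split("?")[0]
            if m.group("attrs").strip() == "_DENY_" and url not in denied:
                denied.append(url)
            continue
        m = REDIRECT.search(line)
        if m:
            path = urlsplit(m.group("target")).path
            if path.startswith(context_path + "/"):
                path = path[len(context_path):]  # logged URLs omit the context path
            redirects.add(path)
    # A loop exists when the page users are redirected to is itself denied.
    return denied, any(path in denied for path in redirects)


if __name__ == "__main__":
    no_rule, loop = triage(SAMPLE_LOG)
    print("URLs with no matching rule:", no_rule)
    print("login redirect loop:", loop)
```

In the log quoted in the question, `/index.gsp` resolves to `_DENY_` even though a Requestmap row for it was saved, which points at the rules not being picked up rather than at the `configAttribute` values.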
    
