由于重定向循环，Grails spring security 无法显示登录页面 [英] Grails spring security fails to present the login page due to a redirect loop

问题描述

我已将当前的 spring 安全插件升级到

I have upgraded my current spring security plugins to

• spring-security-core-2.0-RC2
• spring-security-ui-1.0-RC1

问题

然后我注意到我的登录屏幕不再显示.在 Chrome 中，它说此页面有一个重定向循环

and I noticed that my login screen no longer shows up. In Chrome it says This page has a redirect loop

重现问题的步骤

所以我尝试创建一个名为 Test 的全新应用程序来尝试隔离问题.

So I have tried to create a brand new application called Test to try to isolate the problem.

首先，我通过在 BuildConfig.groovy 中添加以下条目来安装 security 和 security-ui 插件:

First, I installed the security and security-ui plugins by adding the following entries in the BuildConfig.groovy:

compile ":spring-security-core:2.0-RC2"    
compile ":spring-security-ui:1.0-RC1"

其次我按如下方式运行了快速启动命令:

Second I ran the quick start command as follows:

grails s2-quickstart security Person Authority Requestmap

并在名为 security 的包下创建了如下 4 个域对象:Authority.groovy、Person.groovy、PersonAuthority.groovy 和 Requestmap.groovy

and it created 4 domain objects as follows under a package called security: Authority.groovy, Person.groovy, PersonAuthority.groovy and Requestmap.groovy

以及将以下内容添加到我的 Config.groovy

as well as added the following to my Config.groovy

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'security.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'security.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'security.Authority'
grails.plugin.springsecurity.requestMap.className = 'security.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/favicon.ico':                ['permitAll']
]

最后，我通过执行 grails run-app 命令运行了该应用程序，我希望现在不再是登录页面 (auth.gsp) 的一部分您的代码但要返回的插件(按设计)

Finally, I have run the app by doing a grails run-app command where I would expect the login page (auth.gsp) that now is no longer part of your code but of the plugin (by design) to be returned

CmyPathToGrails.grails2.2.2projectsTestpluginsspring-security-core-2.0-RC2grails-appviewsloginauth.gsp

但是我得到了一个空白页面，说明这个页面有一个重定向循环.

but instead I get a blank page stating that this page has a redirect loop.

我还添加了以下 staticRules，清理应用程序，然后再次重新运行它以查看是否可以解决问题，但重定向消息仍然出现.

I have also added the following staticRules, cleaning the app, and re-running it again to see if it would fix the problem but the redirect message still ocurred.

'/login/**':                      ['permitAll'],
'/login/auth/**':                 ['permitAll'],
'/login.gsp':                     ['permitAll']

有人知道如何解决这个问题吗?

Anybody has any idea of how to get around this?

提前致谢.

推荐答案

您正在使用 Requestmap 作为安全配置类型，您的 controllerAnnotations.staticRules 没有任何效果.

You're using Requestmap as security config type, your controllerAnnotations.staticRules does not have any effect.

您需要在RequestMap表中配置规则，并让您的登录控制器和公共页面匿名访问，无需登录，例如:

You need configure rules in RequestMap table, and enable your login controller and public pages to anonymous can access without login like:

    new Requestmap(url: '/*', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
    new Requestmap(url: '/logout/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,IS_AUTHENTICATED_FULLY').save();
    new Requestmap(url: '/login/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save()
    new Requestmap(url: '/index/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();

这篇关于由于重定向循环，Grails spring security 无法显示登录页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！