Grails：在某些路径上禁用Spring Security Core [英] Grails: disable Spring Security Core on certain paths

问题描述

How do I set up Spring Security Core in a way that calls to a certain pattern (such as /api/**) are not filtered?

如何设置Spring Security Core以某种方式调用某个模式（如/ api / **） > grails.plugins.springsecurity.filterChain.chainMap = [
'/ api / **'：''，
'/ **'：'JOINED_FILTERS'，
]


grails.plugins.springsecurity.filterChain.chainMap = [ '/api/**': '', '/**': 'JOINED_FILTERS', ]

不起作用，因为它会尝试解析bean''。

doesn't work, since it will try to resolve the bean ''.

有没有比'JOINED_FILTERS，-filter1，-filter2，...'这个讨厌的解决方法还有其他问题？

Is there anything other than the nasty workaround with 'JOINED_FILTERS,-filter1,-filter2,...'

是否被Spring Security排除了静态资源？

How are static resources being excluded from Spring Security?

推荐答案

您需要将匿名过滤器添加到您的过滤器链中。
如果你遵循了grails spring security rest配置教程，你可能会得到如下代码：

You need to add the anonymous filter to your filter chain. If you followed the grails spring security rest configuration tutorial you probably got the following code:

grails.plugin.springsecurity.filterChain.chainMap = [
    //Stateless chain
    [
        pattern: '/**',
        filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ]
]

请注意， strong> -anonymousAuthenticationFilter ，它会从您的过滤器链中删除此过滤器。
通过从代码中删除此部分（-anonymousAuthenticationFilter），此过滤器将返回到您的过滤器链
，以便您可以使用 @Secured（permitAll）或 @Secured（['IS_AUTHENTICATED_ANONYMOUSLY']）。

Note that you have "-anonymousAuthenticationFilter" , which removes this filter from your filter chain. By removing this part (-anonymousAuthenticationFilter) from your code, this filter will back to your filter chain, so you can use the @Secured("permitAll") or @Secured(['IS_AUTHENTICATED_ANONYMOUSLY']) again.

我的最终过滤器链图如下，并且像魅力一样工作。

My final filter chain map was the following and worked like a charm.

grails.plugin.springsecurity.filterChain.chainMap = [
    //Stateless chain
    [
        pattern: '/**',
        filters: 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ]
]

当您需要查看关于认证过程的更多详细信息时，将其添加到开发环境中的logback.groovy中。

Add this to you logback.groovy in the development environment when you need to see more details about the authentication process

logger("org.springframework.security", DEBUG, ['STDOUT'], false)
logger("grails.plugin.springsecurity", DEBUG, ['STDOUT'], false)
logger("org.pac4j", DEBUG, ['STDOUT'], false)

logger("StackTrace", ERROR, ['FULL_STACKTRACE'], false)
root(ERROR, ['STDOUT', 'FULL_STACKTRACE'])

如果您不使用spring security rest，则适用相同的想法。

The same idea applies if you do not use spring security rest.

这篇关于Grails：在某些路径上禁用Spring Security Core的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！