Grails:在某些路径上禁用Spring Security Core [英] Grails: disable Spring Security Core on certain paths
问题描述
How do I set up Spring Security Core in a way that calls to a certain pattern (such as /api/**) are not filtered?
如何设置Spring Security Core以某种方式调用某个模式(如/ api / **) > grails.plugins.springsecurity.filterChain.chainMap = [
'/ api / **':'',
'/ **':'JOINED_FILTERS',
]
grails.plugins.springsecurity.filterChain.chainMap = [
'/api/**': '',
'/**': 'JOINED_FILTERS',
]
不起作用,因为它会尝试解析bean''。
doesn't work, since it will try to resolve the bean ''.
有没有比'JOINED_FILTERS,-filter1,-filter2,...'这个讨厌的解决方法还有其他问题?
Is there anything other than the nasty workaround with 'JOINED_FILTERS,-filter1,-filter2,...'
是否被Spring Security排除了静态资源?
How are static resources being excluded from Spring Security?
推荐答案
您需要将匿名过滤器添加到您的过滤器链中。
如果你遵循了grails spring security rest配置教程,你可能会得到如下代码:
You need to add the anonymous filter to your filter chain. If you followed the grails spring security rest configuration tutorial you probably got the following code:
grails.plugin.springsecurity.filterChain.chainMap = [
//Stateless chain
[
pattern: '/**',
filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]
]
请注意, strong> -anonymousAuthenticationFilter ,它会从您的过滤器链中删除此过滤器。
通过从代码中删除此部分(-anonymousAuthenticationFilter),此过滤器将返回到您的过滤器链
,以便您可以使用 @Secured(permitAll)或 @Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])。
Note that you have "-anonymousAuthenticationFilter" , which removes this filter from your filter chain. By removing this part (-anonymousAuthenticationFilter) from your code, this filter will back to your filter chain, so you can use the @Secured("permitAll") or @Secured(['IS_AUTHENTICATED_ANONYMOUSLY']) again.
我的最终过滤器链图如下,并且像魅力一样工作。
My final filter chain map was the following and worked like a charm.
grails.plugin.springsecurity.filterChain.chainMap = [
//Stateless chain
[
pattern: '/**',
filters: 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]
]
当您需要查看关于认证过程的更多详细信息时,将其添加到开发环境中的logback.groovy中。
Add this to you logback.groovy in the development environment when you need to see more details about the authentication process
logger("org.springframework.security", DEBUG, ['STDOUT'], false)
logger("grails.plugin.springsecurity", DEBUG, ['STDOUT'], false)
logger("org.pac4j", DEBUG, ['STDOUT'], false)
logger("StackTrace", ERROR, ['FULL_STACKTRACE'], false)
root(ERROR, ['STDOUT', 'FULL_STACKTRACE'])
如果您不使用spring security rest,则适用相同的想法。
The same idea applies if you do not use spring security rest.
这篇关于Grails:在某些路径上禁用Spring Security Core的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!