Grails - Spring 安全插件 - 添加 'ROLE_ADMIN' 后用户有 'ROLE_NO_ROLES'
Grails - Spring Security Plugin - User has 'ROLE_NO_ROLES' after adding 'ROLE_ADMIN'
我正在使用 Grails 开发 Web 应用程序,我正在尝试使用 Admin Interface Plugin。出于测试目的,我使用以下代码行从 BootStrap.groovy 创建了一个管理员用户:
def init = { servletContext ->
def adminUser = User.findByUsername("episo_admin_root")
if(!adminUser){
print "Creating admin user... "
adminUser = new User(username: username, emailAddress: emailAddress, password: password, birthDate: new Date(1, 1, 1),
sex: Sex.AGENDER, enabled: true, accountConfirmed: true, accountCreationDate: new Date())
adminUser.save(flush: true, failOnError: true)
def auth = adminUser.addAuthority(Roles.ROLE_ADMIN)
auth.save(flush: true, failOnError: true)
}
}
我还添加了以下语句来检查用户是否获得了角色:
if(adminUser.authorities.any { it.authority == Roles.ROLE_ADMIN }) println "Admin role added."
此检查通过,并且 "Admin role added." 被打印到控制台。
这是我的 Spring 安全配置:
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/home': ['permitAll'],
'/home.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
...
...
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/admin/**': ['ROLE_ADMIN']
]
这是我对管理界面插件的配置:
grails.plugin.admin.accessRoot = "/admin"
grails.plugin.admin.domains."Users" = [ "mypackage.User" ]
grails.plugin.admin.domains."My Groups" = [ "mypackage.Group" ]
grails.plugin.admin.domains."Security Groups" = [ 'mypackage.Authority', 'mypackage.UserAuthority' ]
grails.plugin.springsecurity.active = true
grails.plugin.springsecurity.useBasicAuth = true
grails.plugin.admin.security.role = "ROLE_ADMIN"
然而,当我以新的管理员用户身份登录并导航到“/admin”时,我得到了 Apache Tomcat "HTTP Status 403 - Access is Denied" 页面,并且以下调试信息被记录到控制台:
Secure object: FilterInvocation: URL: /admin; Attributes: [ROLE_ADMIN]
Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5ff53bc5: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d7469d37: Username: [PROTECTED]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_NO_ROLES; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: [PROTECTED]; SessionId: null; Granted Authorities: ROLE_NO_ROLES
如果您横向滚动该调试信息,您会看到 Spring 安全性将 "Granted Authorities" 视为 ROLE_NO_ROLES。
我是不是在给用户添加角色的时候做错了什么?为什么 Spring 安全人员看不到我已授予此用户 ROLE_ADMIN?
我花了几个小时尝试调试它,但我不明白我的代码有什么问题。
我明白了;我从解决我的问题的配置文件中删除了以下行:
grails.plugin.springsecurity.useRoleGroups = true
我正在使用 Grails 开发 Web 应用程序,我正在尝试使用 Admin Interface Plugin。出于测试目的,我使用以下代码行从 BootStrap.groovy 创建了一个管理员用户:
def init = { servletContext ->
def adminUser = User.findByUsername("episo_admin_root")
if(!adminUser){
print "Creating admin user... "
adminUser = new User(username: username, emailAddress: emailAddress, password: password, birthDate: new Date(1, 1, 1),
sex: Sex.AGENDER, enabled: true, accountConfirmed: true, accountCreationDate: new Date())
adminUser.save(flush: true, failOnError: true)
def auth = adminUser.addAuthority(Roles.ROLE_ADMIN)
auth.save(flush: true, failOnError: true)
}
}
我还添加了以下语句来检查用户是否获得了角色:
if(adminUser.authorities.any { it.authority == Roles.ROLE_ADMIN }) println "Admin role added."
此检查通过,并且 "Admin role added." 被打印到控制台。 这是我的 Spring 安全配置:
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/home': ['permitAll'],
'/home.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
...
...
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/admin/**': ['ROLE_ADMIN']
]
这是我对管理界面插件的配置:
grails.plugin.admin.accessRoot = "/admin"
grails.plugin.admin.domains."Users" = [ "mypackage.User" ]
grails.plugin.admin.domains."My Groups" = [ "mypackage.Group" ]
grails.plugin.admin.domains."Security Groups" = [ 'mypackage.Authority', 'mypackage.UserAuthority' ]
grails.plugin.springsecurity.active = true
grails.plugin.springsecurity.useBasicAuth = true
grails.plugin.admin.security.role = "ROLE_ADMIN"
然而,当我以新的管理员用户身份登录并导航到“/admin”时,我得到了 Apache Tomcat "HTTP Status 403 - Access is Denied" 页面,并且以下调试信息被记录到控制台:
Secure object: FilterInvocation: URL: /admin; Attributes: [ROLE_ADMIN]
Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5ff53bc5: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d7469d37: Username: [PROTECTED]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_NO_ROLES; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: [PROTECTED]; SessionId: null; Granted Authorities: ROLE_NO_ROLES
如果您横向滚动该调试信息,您会看到 Spring 安全性将 "Granted Authorities" 视为 ROLE_NO_ROLES。
我是不是在给用户添加角色的时候做错了什么?为什么 Spring 安全人员看不到我已授予此用户 ROLE_ADMIN?
我花了几个小时尝试调试它,但我不明白我的代码有什么问题。
我明白了;我从解决我的问题的配置文件中删除了以下行:
grails.plugin.springsecurity.useRoleGroups = true