spring-security-shiro org.apache.shiro.authc.AccountException: Not logged in or anonymous

I am migrating my application from Grails 2.4.4 to Grails 3.2.9.

I am trying to migrate to

compile 'org.grails.plugins:spring-security-shiro:3.0.1' 

When I try to log in with a user, I get the following error:

   org.apache.shiro.authc.AccountException: Not logged in or anonymous
            at grails.plugin.springsecurity.shiro.SpringSecurityRealm.getCurrentUser(SpringSecurityRealm.groovy:76)
            at grails.plugin.springsecurity.shiro.SpringSecurityRealm.doGetAuthenticationInfo(SpringSecurityRealm.groovy:95)
            at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
            at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
            at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
            at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
            at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
            at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
            at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
            at org.apache.shiro.subject.Subject$login.call(Unknown Source)

In my application rules, I have:

[pattern: '/login/auth/**',      access: ['permitAll']],

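In Grails 2.4.4 I could debug the dbRealm.groovy file, but I can't do that with the new plugin.

I know the user is not logged in, because that is what I am trying to do, but why does it think my user is anonymous?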

Based on https://grails-plugins.github.io/grails-spring-security-shiro/v3/index.html#permissions

This will transitively install the Spring Security Core plugin, so you’ll need to configure that by running the s2-quickstart script.

So, looking at https://grails-plugins.github.io/grails-spring-security-core/3.1.x/index.html (since you are using Grails 3.2.x):

3.5. Anonymous authentication

In standard Spring Security and older versions of the plugin, there is support for an “anonymous” authentication. This is implemented by a filter that registers a simple Authentication in the SecurityContext to remove the need for null checks, since there will always be an Authentication available. This approach is still problematic though because the Principal of the anonymous authentication is a String, whereas it is a UserDetails instance when there is a non-anonymous authentication.

Since you still have to be careful to differentiate between anonymous and non-anonymous authentications, the plugin now creates an anonymous Authentication which will be an instance of grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken with a standard org.springframework.security.core.userdetails.User instance as its Principal. The authentication will have a single granted role, ROLE_ANONYMOUS.

5.2. URLs and Authorities

In each approach you configure a mapping for a URL pattern to the role(s) that are required to access those URLs, for example, /admin/user/** requires ROLE_ADMIN. In addition, you can combine the role(s) with SpEL expressions and/or tokens such as IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED, and IS_AUTHENTICATED_FULLY. One or more voters (Voters) will process any tokens and enforce a rule based on them:

IS_AUTHENTICATED_ANONYMOUSLY

    signifies that anyone can access this URL. By default the AnonymousAuthenticationFilter ensures an “anonymous” Authentication with no roles so that every user has an authentication. The token accepts any authentication, even anonymous.

    The SpEL expression permitAll is equivalent to IS_AUTHENTICATED_ANONYMOUSLY and is typically more intuitive to use
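
The distinction drawn in the quoted section 3.5, as an added Groovy example (not part of the question, the answer, or the plugin's code): before login the security context already holds a non-null anonymous Authentication, so a null check or `isAuthenticated()` alone cannot tell it from a real login. The `AuthCheck` class, `isRealLogin` helper, token key, user names and dependency version are assumptions made for this illustration, and the tokens are constructed stand-ins built with plain Spring Security classes.

```groovy
// Added illustration; the dependency version below is an assumption.
@Grab('org.springframework.security:spring-security-core:4.2.3.RELEASE')
import org.springframework.security.authentication.AnonymousAuthenticationToken
import org.springframework.security.authentication.AuthenticationTrustResolverImpl
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.core.userdetails.User

class AuthCheck {
    static final AuthenticationTrustResolverImpl RESOLVER = new AuthenticationTrustResolverImpl()

    // Hypothetical helper: true only for a real (non-anonymous) login.
    static boolean isRealLogin(Authentication auth) {
        auth != null && auth.isAuthenticated() && !RESOLVER.isAnonymous(auth)
    }
}

// Constructed stand-in for the token the anonymous filter registers before login:
// a User principal with the single role ROLE_ANONYMOUS, as section 3.5 describes.
def anonRoles = AuthorityUtils.createAuthorityList('ROLE_ANONYMOUS')
def anonymous = new AnonymousAuthenticationToken('constructed-key',
        new User('anonymous-placeholder', 'n/a', anonRoles), anonRoles)

// Constructed stand-in for a user who has actually logged in.
def userRoles = AuthorityUtils.createAuthorityList('ROLE_USER')
def loggedIn = new UsernamePasswordAuthenticationToken(
        new User('alice', 'n/a', userRoles), 'n/a', userRoles)

// Naive checks all pass for the anonymous token:
assert anonymous != null
assert anonymous.isAuthenticated()
assert anonymous.principal instanceof User

// Only the trust-resolver check separates the two cases.
assert !AuthCheck.isRealLogin(anonymous)
assert AuthCheck.isRealLogin(loggedIn)
assert !AuthCheck.isRealLogin(null)

println "anonymous -> ${AuthCheck.isRealLogin(anonymous)}, loggedIn -> ${AuthCheck.isRealLogin(loggedIn)}"
```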