Access denied and getting "Sorry, you're not authorized to view this page" after upgrading the Spring Security Core plugin to version 2.0 in Grails

Posted: 2014-01-08 21:04:44

Question:

I am using Grails 2.3.3 and Groovy 2.2.0 for my project. It was working fine until I decided to upgrade spring security core 1.2.7.3, ui 0.2 and acl 1.1.1 to spring security core 2.0, ui 1.0 and acl 2.0. The upgrade itself succeeded. But when I try to log in, I get the "Sorry, you're not authorized to view this page." access denied message.

I create the users in the bootstrap.groovy file below.

Bootstrap.groovy

```groovy
import com.vproc.member.Address;
import com.vproc.member.Profile;
import com.vproc.member.Role ;
import com.vproc.member.Person;   // Person lives in com.vproc.member, per the Config.groovy below
import grails.converters.JSON
// Organization, Customer, Subscriber, SubscriberRole, StatusEnum, Category and
// SubCategory are the project's own domain classes and are not shown in the question.

class BootStrap {

  def init = { servletContext ->

                // Roles are looked up first so a restart does not create duplicates.
                def userRole = Role.findByAuthority('ROLE_USER') ?: new Role(authority: 'ROLE_USER').save(failOnError: true)
                def adminRole = Role.findByAuthority('ROLE_COMPANY_ADMIN') ?: new Role(authority: 'ROLE_COMPANY_ADMIN').save(failOnError: true)
                def guestRole = Role.findByAuthority('ROLE_GUEST') ?: new Role(authority: 'ROLE_GUEST').save(failOnError: true)
                def csrRole = Role.findByAuthority('ROLE_CSR') ?: new Role(authority: 'ROLE_CSR').save(failOnError: true)

                //PersonRole.create adminUser, adminRole
                def address = new Address( city : 'Pune' , stateCode : 'MH' , countryCode : 'IN'   )

                def adminProfile = Profile.findByEmailAddress('sachin.jha@gmail.com' )?: new Profile(
                        //privacyLevel: ProfilePrivacyLevelEnum.Private,
                        emailAddress:  "sachin.jha@gmail.com" ,
                        phoneNumber: "9325507992",
                        //status : 'Active'
                        )  //.save( failOnError: true)

                // The admin account; the Person domain class is expected to hash the password itself.
                def adminPerson = Person.findByUsername( 'admin') ?: new Person( username : 'admin' ,  password : 'passw0rd' , enabled: true , firstName: 'admin' , lastName : 'user' , profile: adminProfile , status: StatusEnum.Active ).save( failOnError: true) ;

                def vprocOrganization = Organization.findByOrgName('VPROCURE') ?: new Organization ( orgName: 'VPROCURE' , orgSize : 100 , mailingAddress: address, contact: adminPerson ).save( failOnError: true)

                def vprocCustomer = Customer.findByParty( vprocOrganization) ?: new Customer ( party: vprocOrganization, status: StatusEnum.Active  ).save(failOnError: true) ;

                def adminUser = Subscriber.findByParty(adminPerson) ?: new Subscriber(  party: adminPerson, customer: vprocCustomer , status: StatusEnum.Active ).save( failOnError: true)

                // Subscriber, not Person, is the user class joined to Role here.
                if ( !adminUser.authorities.contains(adminRole)) {
                        SubscriberRole.create adminUser, adminRole
                }

    JSON.registerObjectMarshaller(Date) {
       return it?.format("MM/dd/yyyy")
    }

                def userProfile = Profile.findByEmailAddress( 'sachin.jha.user@gmail.com') ?: new Profile(
                                //privacyLevel: ProfilePrivacyLevelEnum.Private,
                                emailAddress: "sachin.jha.user@gmail.com",
                                phoneNumber : "9325507992",
                                //status : 'Active'
                                ) //.save( failOnError: true)

                def userPerson = Person.findByUsername( 'plainuser') ?: new Person(username: 'plainuser', password : 'passw0rd' , enabled: true , firstName: 'plain' , lastName : 'user' , profile: userProfile , status: StatusEnum.Active).save( failOnError: true) ;

                def plainUser = Subscriber.findByParty(userPerson) ?: new Subscriber(  party: userPerson, customer: vprocCustomer , status: StatusEnum.Active ).save( failOnError : true )

                if ( !plainUser.authorities.contains(userRole)) {
                        SubscriberRole.create  plainUser, userRole
                }

                Category electornicsCat = Category.findByName('Electronics') ?: new Category( name:"Electronics" , description: "Electronics market").save(failOnError: true);
                Category realEstateCat = Category.findByName('Real Estate') ?: new Category( name:"Real Estate" , description: "Real Estate market").save(failOnError: true);

                SubCategory subcatServices = SubCategory.findByNameAndCategory( 'Services' , electornicsCat ) ?: new SubCategory( name: 'Services', category: electornicsCat).save(failOnError: true);
                SubCategory subcatConsumerGoods = SubCategory.findByNameAndCategory( 'Consumer Goods' , electornicsCat ) ?: new SubCategory( name: 'Consumer Goods', category: electornicsCat).save(failOnError: true);
                SubCategory subcatFlate= SubCategory.findByNameAndCategory('Flate',realEstateCat) ?: new SubCategory(name: 'Flate', category: realEstateCat).save(failOnError: true)
                SubCategory subcatHousing = SubCategory.findByNameAndCategory('House',realEstateCat) ?: new SubCategory(name: 'House', category: realEstateCat).save(failOnError: true)

                /*vprocCustomer.addToSubscribers(amdinUser)
                vprocCustomer.addToSubscribers(plainUser)
                vprocCustomer.save( failOnError : true);*/

    }

    def destroy = {
    }
}
```

Config.groovy

```groovy
import grails.plugin.springsecurity.SecurityConfigType   // 2.0 package (was grails.plugins.springsecurity in 1.x)

grails.project.groupId = appName // change this to alter the default package name and Maven publishing destination
grails.mime.file.extensions = true // enables the parsing of file extensions from URLs into the request format
grails.views.default.codec = "none" // none, html, base64
grails.resources.modules = {
    'custom-bootstrap' {
        dependsOn 'bootstrap'
        resource url:[dir: 'less', file: 'custom-bootstrap.less'], attrs:[rel: "stylesheet/less", type:'css']
    }
}

// set per-environment serverURL stem for creating absolute links
environments {
    development {
        grails.logging.jul.usebridge = true
    }
    production {
        grails.logging.jul.usebridge = false
        // TODO: grails.serverURL = "http://www.changeme.com"
    }
}

// log4j configuration
log4j = {
    // Example of changing the log pattern for the default console
    // appender:
    //
    appenders {
        console name:'stdout', layout:pattern(conversionPattern: '%c{2} %m%n')
    }

    error  'org.codehaus.groovy.grails.web.servlet',  //  controllers
           'org.codehaus.groovy.grails.web.pages', //  GSP
           'org.codehaus.groovy.grails.web.sitemesh', //  layouts
           'org.codehaus.groovy.grails.web.mapping.filter', // URL mapping
           'org.codehaus.groovy.grails.web.mapping', // URL mapping
           'org.codehaus.groovy.grails.commons', // core / classloading
           'org.codehaus.groovy.grails.plugins', // plugins
           'org.codehaus.groovy.grails.orm.hibernate', // hibernate integration
           'org.springframework',
           'org.hibernate',
           'net.sf.ehcache.hibernate'

   error  'grails.app'

 /*  root {
      error 'stdout'
      info 'stdout'
      warn 'stdout'
      debug 'stdout'
      additivity = true
   }
   */
}

// Added by the Spring Security Core plugin:
/*grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.vproc.member.Person'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.vproc.member.PersonRole'
grails.plugins.springsecurity.authority.className = 'com.vproc.member.Role'*/

grails.plugin.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.interceptUrlMap = [
    '/login/selectOrg' :     [],
    '/enquiry2/**':         ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/subscriber/**':         ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/contact/*':         ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/**':               ['IS_AUTHENTICATED_ANONYMOUSLY']
]

// Added by the Spring Security Core plugin:

grails.attachmentable.poster.evaluator = { getPrincipal() }

// Twitter Bootstrap

grails.plugins.twitterbootstrap.fixtaglib = true
grails.plugins.twitterbootstrap.defaultBundle = 'bundle_bootstrap'
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.password.algorithm = 'bcrypt'
```

BuildConfig.groovy

```groovy
    plugins {
        build ':tomcat:7.0.47'
        runtime ':hibernate:3.6.10.4'
        runtime ":jquery:1.10.2"
        compile ":class-diagram:0.5.2"
        compile ':spring-security-core:2.0-RC2'
        runtime ':resources:1.2'
        runtime ":prototype:1.0"
        compile ":webxml:1.4.1"
        runtime ":cached-resources:1.0"
        runtime ":zipped-resources:1.0"
        compile ":cache-headers:1.1.5"
        compile ":attachmentable:0.3.0"
        compile ":avatar:0.6.3"
        runtime ':spring-security-acl:2.0-RC1'
        compile ":cloud-bees:0.6.2"
        compile ":jquery-datatables:1.7.5"
        compile ":jquery-validation:1.9"
        compile ":jquery-validation-ui:1.4.7"
        compile ":twitter-bootstrap:2.3.2"
        compile ":lesscss-resources:1.3.3"
        compile ":fields:1.3"
        compile ":scaffolding:2.0.1"
        compile ":jquery-ui:1.10.3"
        compile ":spring-security-ui:1.0-RC1"
        compile ":mail:1.0.1"
        compile ":famfamfam:1.0.1"
        compile ":burning-image:0.5.1"
    }
```

Note: with the previous version of spring security core I could log in with the users created from bootstrap. But now I am facing the access denied problem. Any thoughts on this!

Question comments:

Answer 1:

You need to add the login and logout rules:

```groovy
grails.plugins.springsecurity.interceptUrlMap = [
    // === THESE TWO LINES, for logout and login
    '/logout/**' :     ['IS_AUTHENTICATED_REMEMBERED', 'IS_AUTHENTICATED_FULLY'],
    '/login/**' :     ['IS_AUTHENTICATED_ANONYMOUSLY'],

    '/login/selectOrg' :     [],
    '/enquiry2/**':         ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/subscriber/**':         ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/contact/*':         ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/**':               ['IS_AUTHENTICATED_ANONYMOUSLY']
]
```

Discussion:

Hi @ignacio-ocampom, I tried your suggestion but got the same error. Is there anything else I can try here?

Did you restart your app?

Hi @ignacio-ocampom, yes, I cleaned and restarted many times :(

I found your error! You have grails.plugin.spr... and you must have grails.plugins.spr... plugins in plural form; updated my answer

Hi @ignacio-ocampom, right, it is grails.plugins.spr. As per the updated version of spring security core.

Answer 2:

I tried the following solution suggested by @burt-beckwith on the grails mailing thread; it worked like a charm for me, and I am following it up.

```groovy
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false

grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.interceptUrlMap = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/favicon.ico':                ['permitAll'],
    '/login/**':                      ['permitAll'],
    '/logout/**':                     ['permitAll']
]
```

I made only one change compared with the thread, because what the thread said did not work for me. So I changed it as follows:

```groovy
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
```

Many thanks @burt-beckwith.

Discussion:

Thanks for this useful post.

@NeerajBhatt, glad to know it helped you.

Excellent solution..!

Answer 3:

The new update of the security plugin uses a pessimistic approach to URL locking, meaning it locks access to all URLs by default unless explicitly specified. So what may be happening in your case is that, after successful authentication, your default success URL may be locked by the new version of the plugin. There are three solutions for this:

1) Use @burt-beckwith's solution, changing the rejectPublicInvocations parameter in config.groovy

```groovy
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
```

2) Unblock your default success URL, e.g.:

```groovy
'/user/**' : ['ROLE_ADMIN'],
'/homepage/**' : ['permitAll']
```

3) Explicitly define the permissions on your success controller or action, e.g.:

Controller:

```groovy
import grails.plugin.springsecurity.annotation.Secured   // 2.0 annotation package

@Secured(['ROLE_ADMIN','ROLE_USER'])
class User {
    // ...
}
```

Action:

```groovy
@Secured(['permitAll'])
def homepage() {
    // ...
}
```

Hope this helps.

Discussion:
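A fail-closed alternative to Answers 1 to 3, as an added example; this is not code from the question or from any of the answers. Answers 2 and 3 get past the error by switching off rejectIfNoRule and fii.rejectPublicInvocations, which returns the plugin to 1.x behaviour where an unmapped URL is open. The configuration below keeps the 2.0 defaults on and instead enumerates the public URLs, so a controller nobody thought to map stays denied rather than silently exposed. It reuses the roles and URL patterns from the question; the spring-security-ui admin paths (/user/**, /role/**) and the resources plugin's /static/** serving prefix are assumptions about the poster's setup. One thing visible in the question's own Config.groovy is also worth checking before anything else: securityConfigType is assigned twice, first to SecurityConfigType.InterceptUrlMap and later, on the last line, to "Annotation". In a ConfigSlurper script the later assignment wins, so the interceptUrlMap shown is never consulted, and with no @Secured annotations on the application controllers the pessimistic default denies all of them, which matches the symptom.

```groovy
// grails-app/conf/Config.groovy  (Grails 2.3.x, spring-security-core 2.0-RC2)
// Added example; not the question's or any answer's code.
// 2.0 renamed the config prefix to the singular grails.plugin.springsecurity.

// Leave the pessimistic defaults on. A URL that matches no rule is denied
// (rejectIfNoRule), and a request that reaches the interceptor with an
// empty attribute list is refused (fii.rejectPublicInvocations), so an
// unmapped controller fails closed instead of being exposed.
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = true

// Assign this exactly once per file. A second assignment further down
// (for example to "Annotation") silently replaces it and the map below
// is then never consulted.
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'

// Rules are checked top to bottom and the first match wins, so specific
// paths must appear before the wildcards that would otherwise swallow them.
grails.plugin.springsecurity.interceptUrlMap = [
    // Public entry points: home page, login form, the denied page, logout.
    '/':                    ['permitAll'],
    '/index':               ['permitAll'],
    '/index.gsp':           ['permitAll'],
    // The question maps this to []; an empty list gives the URL no
    // attributes and, with rejectPublicInvocations on, it is refused.
    // Require a login instead, and keep it above '/login/**'.
    '/login/selectOrg':     ['isAuthenticated()'],
    '/login/**':            ['permitAll'],
    '/logout/**':           ['permitAll'],

    // Static assets. /static/** is the resources plugin's default prefix
    // (assumption about this project); the rest mirror s2-quickstart.
    '/static/**':           ['permitAll'],
    '/**/js/**':            ['permitAll'],
    '/**/css/**':           ['permitAll'],
    '/**/images/**':        ['permitAll'],
    '/**/favicon.ico':      ['permitAll'],

    // spring-security-ui admin screens (assumed installed at the default
    // paths): company admins only, never ROLE_USER.
    '/user/**':             ['ROLE_COMPANY_ADMIN'],
    '/role/**':             ['ROLE_COMPANY_ADMIN'],

    // Application URLs from the question. '/contact/**' replaces the
    // question's '/contact/*', which matches only one path segment and
    // would leave e.g. /contact/show/1 to the catch-all below.
    '/enquiry2/**':         ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/subscriber/**':       ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],
    '/contact/**':          ['ROLE_USER', 'ROLE_COMPANY_ADMIN'],

    // Catch-all: anything else needs a real login. The question's
    // IS_AUTHENTICATED_ANONYMOUSLY here let anonymous users reach every
    // controller not listed above.
    '/**':                  ['isAuthenticated()']
]

// The access-denied page must itself be permitted (it is, via '/login/**'),
// otherwise a denial redirects into another denial.
grails.plugin.springsecurity.adh.errorPage = '/login/denied'
```

With this in place, a request to an unlisted URL such as /admin/anything from an anonymous browser is redirected to the login form, and from a logged-in ROLE_USER it is allowed only because the catch-all says isAuthenticated(); tighten that last rule to a role list if the application has controllers that plain users should never reach.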
