1
我使用Siteminder和一个应用程序,但使用了spring security core插件来管理安全性的所有其他方面。我没有被某些需要特定角色的资源阻止,但如果我尝试点击该网址,我会将其踢到requestHeaderAuthenticationFilter。Grails Spring Security interceptUrlMap不工作
Config.groovy中
...
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.providerNames = ['preauthAuthProvider', 'anonymousAuthenticationProvider']
grails.plugin.springsecurity.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.chainMap = [
'/assets/**': 'anonymousAuthenticationFilter',
'/public/**': 'anonymousAuthenticationFilter',
'/auth/**': 'requestHeaderAuthenticationFilter'
]
grails.plugin.springsecurity.x509.checkForPrincipalChanges = 'true'
grails.plugin.springsecurity.logout.afterLogoutUrl='/public/'
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/auth/home'
grails.plugin.springsecurity.interceptUrlMap = [
'/auth/admin': ['ROLE_SYSTEM_ADMIN'],
'/auth/constant/**': ['ROLE_SYSTEM_ADMIN'],
'/assets/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/public/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/auth/**': ['IS_AUTHENTICATED_FULLY']
]
当我使用上是否显示链接的标签库,它按预期工作:
<sec:ifAnyGranted roles="ROLE_SYSTEM_ADMIN">
<g:link uri="/auth/admin">Admin</g:link>
</sec:ifAnyGranted>
我在URLMappings一组中的所有内容:
static mappings = {
group("/auth") {
"/constant/$action?/$id?(.${format})?"(controller: 'constant')
"/admin"(view:'/admin')
"/"(controller:'index',action:'home')
"/home"(controller:'index',action:'home')
}
group("/public") {
"/"(controller:'index',action:'public')
"/index"(controller:'index',action:'public')
}
}
所以,标签似乎工作正常,但我仍然可以去那个链接就好了我哪我的设置必须在某个地方搞乱。
的Grails 2.4.3
的Spring Security核2.0-RC4
应该如何这条线进行编辑? – DynamiteReed
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.InterceptUrlMap将此行替换为我答案中的行 –