在引导过程中返回null SecurityContext的Spring安全性

Question

在我的Grails应用程序中成功使用Spring Security时遇到问题。我安装了弹簧安全核心插件，然后运行命令来执行初始设置：分别

s2-quickstart my.package ReUser ReRole 

，其中重用器和ReRole是我的用户和角色域类。然后，我继续按照Peter Ledbrook的简化的Spring Security屏幕中的设置说明进行操作，但是当我真正尝试运行应用程序并验证用户时，我遇到了麻烦。我在Bootstrap中创建的用户名永远不会被识别（带有BadCredentialsException），而且如果我从未存储过这些用户，角色和联接类的值。但是它们存储的是Bootstrap中保存的值的数量。同时，相关的类Config.groovy中被正确地鉴定为：

grails.plugins.springsecurity.userLookup.userDomainClassName = 're.sec.ReUser' 
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 're.sec.ReUserReRole' 
grails.plugins.springsecurity.authority.className = 're.sec.ReRole' 

这些结果让我大惑不解，直到我发现在我的日志顺序如下：

web.FilterChainProxy Converted URL to lowercase, from: '/index.gsp'; to: '/index.gsp' 
web.FilterChainProxy Candidate is: '/index.gsp'; pattern is /**; matched=true 
web.FilterChainProxy /index.gsp at position 1 of 8 in additional filter chain; firing     Filter: 'SecurityContextPersistenceFilter' 
context.HttpSessionSecurityContextRepository No HttpSession currently exists 
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created. 
web.FilterChainProxy /index.gsp at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter' 
web.FilterChainProxy /index.gsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter' 
web.FilterChainProxy /index.gsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
web.FilterChainProxy /index.gsp at position 5 of 8 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
web.FilterChainProxy /index.gsp at position 6 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
authentication.AnonymousAuthenticationFilter Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
web.FilterChainProxy /index.gsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
web.FilterChainProxy /index.gsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
intercept.FilterSecurityInterceptor Public object - authentication not attempted 
web.FilterChainProxy /index.gsp reached end of additional filter chain; proceeding with original chain 
access.ExceptionTranslationFilter Chain processed normally 
context.HttpSessionSecurityContextRepository SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed 

做这些enties（特别是'SecurityContext是空的或匿名的 - 上下文不会存储在HttpSession中'，所有这些都在Bootstraping过程中显示出来）解释为什么我的应用程序不能识别我在Bootstrap期间尝试存储的用户名/密码？我究竟做错了什么？

Answer 1

您是否看到关于在您引用的博文中对密码进行双重编码的说明？从版本1.2开始，用户域类对密码进行编码。如果您在创建用户时再次执行此操作（例如在BootStrap中），那么它们将被双重编码。