FilterSecurityInterceptor返回_DENY_當Grails的控制器已命名空間中定義

Question

我的環境

• 的grails：2.3.5
• 彈簧安全核：2.0 RC2
• 彈簧安全LDAP：2.0- RC2
• 彈簧安全休息：1.2.3

我簡單的API工作正常，沒有namespac e但是當我向我的控制器添加命名空間時開始返回403。即使當我通過X-Auth-Token的有效值時，我也會得到403。

AuthorController.groovy

package bookstore 

import grails.plugin.springsecurity.annotation.Secured import 
grails.rest.RestfulController 

@Secured(['IS_AUTHENTICATED_FULLY']) 
class AuthorController extends RestfulController { 

    static namespace = "testing" 
    static responseFormats = ['json', 'xml'] 

    AuthorController() { 
    super(Author) 
    } 
} 

UrlMappings.groovy

"/authors"(resources:"author", namespace:"testing") 

記錄

我打開了記錄上的安全代碼，並記錄了與以下plac中的命名空間e：

DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 
DEBUG util.AntPathRequestMatcher - Request '/authors' matched by universal pattern '/**' 
DEBUG web.FilterChainProxy - /authors at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG web.FilterChainProxy - /authors at position 2 of 10 in additional filter chain; firing Filter: 'RestLogoutFilter' 
DEBUG rest.RestLogoutFilter - Actual URI is /authors; endpoint URL is /logout 
DEBUG web.FilterChainProxy - /authors at position 3 of 10 in additional filter chain; firing Filter: 'MutableLogoutFilter' 
DEBUG web.FilterChainProxy - /authors at position 4 of 10 in additional filter chain; firing Filter: 'RestAuthenticationFilter' 
DEBUG rest.RestAuthenticationFilter - Actual URI is /authors; endpoint URL is /login 
DEBUG web.FilterChainProxy - /authors at position 5 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
DEBUG web.FilterChainProxy - /authors at position 6 of 10 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter' 
DEBUG web.FilterChainProxy - /authors at position 7 of 10 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter' 
DEBUG web.FilterChainProxy - /authors at position 8 of 10 in additional filter chain; firing Filter: 'RestTokenValidationFilter' 
DEBUG rest.RestTokenValidationFilter - Looking for a token value in the header 'X-Auth-Token' 
DEBUG rest.RestTokenValidationFilter - Token found: xxxxxxxxxxxxxxxxx 
DEBUG rest.RestTokenValidationFilter - Trying to authenticate the token 
DEBUG rest.RestAuthenticationProvider - Trying to validate token xxxxxxxxxxxxxxxxx 
DEBUG storage.MemcachedTokenStorageService - Searching in Memcached for UserDetails of token xxxxxxxxxxxxxxxxx 
DEBUG storage.MemcachedTokenStorageService - UserDetails found: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@: Dn: XXXXXXX; Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: 
DEBUG rest.RestAuthenticationProvider - Authentication result: com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationToken@: Principal: N/A; Credentials: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities 
DEBUG rest.RestTokenValidationFilter - Token authenticated. Storing the authentication result in the security context 
DEBUG rest.RestTokenValidationFilter - Authentication result: com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationToken@: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@: Dn: XXXXXXX; Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: 
DEBUG rendering.DefaultRestAuthenticationTokenJsonRenderer - Generated JSON: 
{ 
    "username": "username", 
    "token": "xxxxxxxxxxxxxxxxx", 
    "roles": [] 
} 
DEBUG rest.RestTokenValidationFilter - Actual URI is /authors; validate endpoint URL is /validate 
DEBUG rest.RestTokenValidationFilter - Continuing the filter chain 
DEBUG web.FilterChainProxy - /authors at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
DEBUG web.FilterChainProxy - /authors at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /authors; Attributes: [_DENY_] 
DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationToken@: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@: Dn: XXXXXXX; Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: 
in zero or more steps. 
DEBUG access.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler 
Message: Access is denied 
    Line | Method 
->> 47 | decide    in grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|  88 | processFilterChain in com.odobo.grails.plugin.springsecurity.rest.RestTokenValidationFilter 
|  58 | doFilter . . . . . in  '' 
|  53 | doFilter   in grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter 
| 108 | doFilter . . . . . in com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationFilter 
|  82 | doFilter   in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter 
|  66 | doFilter . . . . . in com.odobo.grails.plugin.springsecurity.rest.RestLogoutFilter 
|  82 | doFilter   in com.brandseye.cors.CorsFilter 
| 1145 | runWorker . . . . in java.util.concurrent.ThreadPoolExecutor 
| 615 | run    in java.util.concurrent.ThreadPoolExecutor$Worker 
^ 744 | run . . . . . . . in java.lang.Thread 
DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 

然後我看着名稱空間被刪除的日誌記錄。一切都是相同的，直到我下到FilterSecurityInterceptor：

DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /authors; Attributes: [IS_AUTHENTICATED_FULLY] 
DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationToken@: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@: Dn: XXXXXXX; Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: 
in zero or more steps. 
DEBUG intercept.FilterSecurityInterceptor - Authorization successful 
DEBUG intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object 
DEBUG web.FilterChainProxy - /authors reached end of additional filter chain; proceeding with original chain 
DEBUG access.ExceptionTranslationFilter - Chain processed normally 
DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 

是否有人可以解釋爲什麼我得到DENY當我的控制有一個命名空間。我想嘗試版本化我的Web服務，並且需要命名空間。我一整天都在看這個，似乎無法取得任何進展。

在此先感謝。

Answer 1

插件中不支持名稱空間控制器，請參閱http://jira.grails.org/browse/GPSPRINGSECURITYCORE-246。它可能會在2.0最終版本中實施。