1
我使用Siteminder和一個應用程序,但使用了spring security core插件來管理安全性的所有其他方面。我沒有被某些需要特定角色的資源阻止,但如果我嘗試點擊該網址,我會將其踢到requestHeaderAuthenticationFilter。Grails Spring Security interceptUrlMap不工作
Config.groovy中
...
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.providerNames = ['preauthAuthProvider', 'anonymousAuthenticationProvider']
grails.plugin.springsecurity.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.chainMap = [
'/assets/**': 'anonymousAuthenticationFilter',
'/public/**': 'anonymousAuthenticationFilter',
'/auth/**': 'requestHeaderAuthenticationFilter'
]
grails.plugin.springsecurity.x509.checkForPrincipalChanges = 'true'
grails.plugin.springsecurity.logout.afterLogoutUrl='/public/'
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/auth/home'
grails.plugin.springsecurity.interceptUrlMap = [
'/auth/admin': ['ROLE_SYSTEM_ADMIN'],
'/auth/constant/**': ['ROLE_SYSTEM_ADMIN'],
'/assets/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/public/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/auth/**': ['IS_AUTHENTICATED_FULLY']
]
當我使用上是否顯示鏈接的標籤庫,它按預期工作:
<sec:ifAnyGranted roles="ROLE_SYSTEM_ADMIN">
<g:link uri="/auth/admin">Admin</g:link>
</sec:ifAnyGranted>
我在URLMappings一組中的所有內容:
static mappings = {
group("/auth") {
"/constant/$action?/$id?(.${format})?"(controller: 'constant')
"/admin"(view:'/admin')
"/"(controller:'index',action:'home')
"/home"(controller:'index',action:'home')
}
group("/public") {
"/"(controller:'index',action:'public')
"/index"(controller:'index',action:'public')
}
}
所以,標籤似乎工作正常,但我仍然可以去那個鏈接就好了我哪我的設置必須在某個地方搞亂。
的Grails 2.4.3
的Spring Security核2.0-RC4
應該如何這條線進行編輯? – DynamiteReed
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.InterceptUrlMap將此行替換爲我答案中的行 –