我正在開發一個使用Grails的Web應用程序,並且我正在嘗試使用Admin Interface Plugin。Grails - Spring Security Plugin - 添加'ROLE_ADMIN'後用戶有'ROLE_NO_ROLES'
def init = { servletContext ->
def adminUser = User.findByUsername("episo_admin_root")
if(!adminUser){
print "Creating admin user... "
adminUser = new User(username: username, emailAddress: emailAddress, password: password, birthDate: new Date(1, 1, 1),
sex: Sex.AGENDER, enabled: true, accountConfirmed: true, accountCreationDate: new Date())
adminUser.save(flush: true, failOnError: true)
def auth = adminUser.addAuthority(Roles.ROLE_ADMIN)
auth.save(flush: true, failOnError: true)
}
}
我還添加以下語句來檢查用戶是否被越來越作用:
if(adminUser.authorities.any { it.authority == Roles.ROLE_ADMIN }) println "Admin role added."
出於測試目的,我使用下面的代碼行創建一個管理員用戶從BootStrap.groovy中
此檢查通過,並添加「管理員角色」。被打印到控制檯。 這裏是我的春季安全配置:
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/home': ['permitAll'],
'/home.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
...
...
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/admin/**': ['ROLE_ADMIN']
]
這裏是我的管理界面插件配置:
grails.plugin.admin.accessRoot = "/admin"
grails.plugin.admin.domains."Users" = [ "mypackage.User" ]
grails.plugin.admin.domains."My Groups" = [ "mypackage.Group" ]
grails.plugin.admin.domains."Security Groups" = [ 'mypackage.Authority', 'mypackage.UserAuthority' ]
grails.plugin.springsecurity.active = true
grails.plugin.springsecurity.useBasicAuth = true
grails.plugin.admin.security.role = "ROLE_ADMIN"
然而,當我登錄使用新的管理員用戶,並導航到「/管理」我得到的Apache Tomcat‘HTTP狀態403 - 訪問被拒絕’頁面,下面的調試信息被記錄到控制檯:
Secure object: FilterInvocation: URL: /admin; Attributes: [ROLE_ADMIN]
Previously Authenticated: org.springframew[email protected]5ff53bc5: Principal: [email protected]: Username: [PROTECTED]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_NO_ROLES; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: [PROTECTED]; SessionId: null; Granted Authorities: ROLE_NO_ROLES
如果滾動sidew在這個調試信息上,你會看到Spring Security認爲「授予權限」爲ROLE_NO_ROLES
。
我在向用戶添加角色時做錯了什麼? Spring Security爲什麼不能看到我已授予此用戶ROLE_ADMIN
?
我花了幾個小時試圖調試這個,我不明白我的代碼有什麼問題。