0
我使用的是grails 2.3.8。我知道這個問題已被問及,其中大部分是由於雙重編碼。但我仍然無法弄清楚我的問題在哪裏。 我嘗試了下面的方法,但沒有奏效。 grails spring security login is not workinggrails彈簧安全登錄不工作,試過以前的方法,不工作
Grails + Spring Security: unable to login
當我嘗試登錄,然後它顯示:
「對不起,我們無法找到與該用戶名和密碼的用戶。」
我的Config.groovy >>>
import grails.plugin.springsecurity.SecurityConfigType
// locations to search for config files that get merged into the main config;
// config files can be ConfigSlurper scripts, Java properties files, or classes
// in the classpath in ConfigSlurper format
// grails.config.locations = [ "classpath:${appName}-config.properties",
// "classpath:${appName}-config.groovy",
// "file:${userHome}/.grails/${appName}-config.properties",
// "file:${userHome}/.grails/${appName}-config.groovy"]
// if (System.properties["${appName}.config.location"]) {
// grails.config.locations << "file:" + System.properties["${appName}.config.location"]
// }
grails.project.groupId = appName // change this to alter the default package name and Maven publishing destination
// The ACCEPT header will not be used for content negotiation for user agents containing the following strings (defaults to the 4 major rendering engines)
grails.mime.disable.accept.header.userAgents = ['Gecko', 'WebKit', 'Presto', 'Trident']
grails.mime.types = [ // the first one is the default format
all: '*/*', // 'all' maps to '*' or the first available format in withFormat
atom: 'application/atom+xml',
css: 'text/css',
csv: 'text/csv',
form: 'application/x-www-form-urlencoded',
html: ['text/html','application/xhtml+xml'],
js: 'text/javascript',
json: ['application/json', 'text/json'],
multipartForm: 'multipart/form-data',
rss: 'application/rss+xml',
text: 'text/plain',
hal: ['application/hal+json','application/hal+xml'],
xml: ['text/xml', 'application/xml']
]
// URL Mapping Cache Max Size, defaults to 5000
//grails.urlmapping.cache.maxsize = 1000
// What URL patterns should be processed by the resources plugin
grails.resources.adhoc.patterns = ['/images/*', '/css/*', '/js/*', '/plugins/*']
grails.resources.adhoc.includes = ['/images/**', '/css/**', '/js/**', '/plugins/**']
// Legacy setting for codec used to encode data with ${}
grails.views.default.codec = "html"
// The default scope for controllers. May be prototype, session or singleton.
// If unspecified, controllers are prototype scoped.
grails.controllers.defaultScope = 'singleton'
// GSP settings
grails {
views {
gsp {
encoding = 'UTF-8'
htmlcodec = 'xml' // use xml escaping instead of HTML4 escaping
codecs {
expression = 'html' // escapes values inside ${}
scriptlet = 'html' // escapes output from scriptlets in GSPs
taglib = 'none' // escapes output from taglibs
staticparts = 'none' // escapes output from static template parts
}
}
// escapes all not-encoded output at final stage of outputting
// filteringCodecForContentType.'text/html' = 'html'
}
}
grails.converters.encoding = "UTF-8"
// scaffolding templates configuration
grails.scaffolding.templates.domainSuffix = 'Instance'
// Set to false to use the new Grails 1.2 JSONBuilder in the render method
grails.json.legacy.builder = false
// enabled native2ascii conversion of i18n properties files
grails.enable.native2ascii = true
// packages to include in Spring bean scanning
grails.spring.bean.packages = []
// whether to disable processing of multi part requests
grails.web.disable.multipart=false
// request parameters to mask when logging exceptions
grails.exceptionresolver.params.exclude = ['password']
// configure auto-caching of queries by default (if false you can cache individual queries with 'cache: true')
grails.hibernate.cache.queries = false
// configure passing transaction's read-only attribute to Hibernate session, queries and criterias
// set "singleSession = false" OSIV mode in hibernate configuration after enabling
grails.hibernate.pass.readonly = false
// configure passing read-only to OSIV session by default, requires "singleSession = false" OSIV mode
grails.hibernate.osiv.readonly = false
environments {
development {
grails.logging.jul.usebridge = true
}
production {
grails.logging.jul.usebridge = false
// TODO: grails.serverURL = "http://www.changeme.com"
}
}
// log4j configuration
log4j = {
// Example of changing the log pattern for the default console appender:
//
//appenders {
// console name:'stdout', layout:pattern(conversionPattern: '%c{2} %m%n')
//}
error 'org.codehaus.groovy.grails.web.servlet', // controllers
'org.codehaus.groovy.grails.web.pages', // GSP
'org.codehaus.groovy.grails.web.sitemesh', // layouts
'org.codehaus.groovy.grails.web.mapping.filter', // URL mapping
'org.codehaus.groovy.grails.web.mapping', // URL mapping
'org.codehaus.groovy.grails.commons', // core/classloading
'org.codehaus.groovy.grails.plugins', // plugins
'org.codehaus.groovy.grails.orm.hibernate', // hibernate integration
'org.springframework',
'org.hibernate',
'net.sf.ehcache.hibernate'
}
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'org.grails.twitter.auth.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'org.grails.twitter.auth.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'org.grails.twitter.auth.Authority'
grails.plugin.springsecurity.userLookup.userDomainClassName = "com.grailsinaction.User"
grails.plugin.springsecurity.userLookup.usernamePropertyName = "loginId"
grails.plugin.springsecurity.userLookup.passwordPropertyName = "passwordHash"
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/secure/**': ['ROLE_ADMIN'],
'/finance/**': ['ROLE_FINANCE', 'isFullyAuthenticated()'],
'/**': ['isAuthenticated()']
]
我沒有因爲新的春天的安全插件
我BootStrap.groovy中>>>
import org.grails.twitter.auth.*
class BootStrap {
def springSecurityService
def init = { servletContext ->
if (!Person.count()) {
createData()
}
}
def destroy = {
}
private void createData() {
def userRole = new Authority(authority: 'ROLE_USER').save()
String password = springSecurityService.encodePassword('password')
[li: 'Ruifeng Li', todd: 'todd kurtz', maia: 'maia black', peter: 'Peter Lin'].each { userName, realName ->
def user = new Person(username: userName, realName: realName, password: password, enabled: true).save()
PersonAuthority.create user, userRole, true
}
}
}
我一個人登錄控制器.groovy >>>
package org.grails.twitter.auth
class Person {
transient springSecurityService
String realName
String username
String password
boolean enabled = true
boolean accountExpired
boolean accountLocked
boolean passwordExpired
static transients = ['springSecurityService']
static constraints = {
username blank: false, unique: true
password blank: false
}
static mapping = {
password column: '`password`'
}
Set<Authority> getAuthorities() {
PersonAuthority.findAllByPerson(this).collect { it.authority }
}
}
我Authority.groovy >>>
package org.grails.twitter.auth
class Authority {
String authority
static mapping = {
cache true
}
static constraints = {
authority blank: false, unique: true
}
}
my.PersonAuthority.groovy >>
package org.grails.twitter.auth
import org.apache.commons.lang.builder.HashCodeBuilder
class PersonAuthority implements Serializable {
private static final long serialVersionUID = 1
Person person
Authority authority
boolean equals(other) {
if (!(other instanceof PersonAuthority)) {
return false
}
other.person?.id == person?.id &&
other.authority?.id == authority?.id
}
int hashCode() {
def builder = new HashCodeBuilder()
if (person) builder.append(person.id)
if (authority) builder.append(authority.id)
builder.toHashCode()
}
static PersonAuthority get(long personId, long authorityId) {
PersonAuthority.where {
person == Person.load(personId) &&
authority == Authority.load(authorityId)
}.get()
}
static boolean exists(long personId, long authorityId) {
PersonAuthority.where {
person == Person.load(personId) &&
authority == Authority.load(authorityId)
}.count() > 0
}
static PersonAuthority create(Person person, Authority authority, boolean flush = false) {
def instance = new PersonAuthority(person: person, authority: authority)
instance.save(flush: flush, insert: true)
instance
}
static boolean remove(Person u, Authority r, boolean flush = false) {
if (u == null || r == null) return false
int rowCount = PersonAuthority.where {
person == Person.load(u.id) &&
authority == Authority.load(r.id)
}.deleteAll()
if (flush) { PersonAuthority.withSession { it.flush() } }
rowCount > 0
}
static void removeAll(Person u, boolean flush = false) {
if (u == null) return
PersonAuthority.where {
person == Person.load(u.id)
}.deleteAll()
if (flush) { PersonAuthority.withSession { it.flush() } }
}
static void removeAll(Authority r, boolean flush = false) {
if (r == null) return
PersonAuthority.where {
authority == Authority.load(r.id)
}.deleteAll()
if (flush) { PersonAuthority.withSession { it.flush() } }
}
static constraints = {
authority validator: { Authority r, PersonAuthority ur ->
if (ur.person == null) return
boolean existing = false
PersonAuthority.withNewSession {
existing = PersonAuthority.exists(ur.person.id, r.id)
}
if (existing) {
return 'userRole.exists'
}
}
}
static mapping = {
id composite: ['authority', 'person']
version false
}
}
是的,我只是做了。它說:「2015-04-15 20:17:25,007 [http-bio-8080-exec-10] DEBUG web.FilterChainProxy -/l ogin/authfail?login_error = 1在第8位的附加過濾器鏈中; firin g Filter:'SecurityContextPersistenceFilter'「」SecurityContext爲空或內容是匿名的 - xt xt將不會存儲在HttpSession中。「 –