使用 spring-security-core:2.0-RC5插件,并添加了
@Secured('ROLE_USER')
转到人工 Controller ,当我转到此URL时
它假定将我转发到登录页面,因为此操作 protected ,但相反,它给了我
this page can't be displayed,如下所示。该如何解决。
最佳答案
我不确定为什么没有方括号就无法使用,但如下所示
@Secured(['ROLE_USER'])
或作为
@Secured(value=["hasRole('ROLE_USER')"])
从
@Secured(['ROLE_USER'])中可以明显看出,它采用角色列表而不是单个角色字符串。要将角色赋予字符串,您应该使用安全注释中的value属性,然后调用hasRole('your_role')。希望能帮助到你!
编辑
此外,检查 Spring 安全设置。以下是地雷:
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com..User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.UserRole'
grails.plugin.springsecurity.authority.className = 'com.Role'
grails.plugin.springsecurity.authority.groupAuthorityNameField = 'authorities'
grails.plugin.springsecurity.useRoleGroups = false
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.successHandler.defaultTargetUrl="/home/index"
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/error': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/shutdown': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/fonts/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/dbconsole/**': ['ROLE_ADMIN'],
]
希望这些会有所帮助!
关于grails - spring-security-core Grails插件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34324764/