我已经在Bootstrap.groovy中创建了用户和角色。
def user = new User(username:"name", password:"pass",email:"email@gmail.rr",enabled:true).save()
我已经直接在数据库中检查了每个用户名和密码。
为了测试目的,我什至删除了编码。
但是,尝试登录时会收到此消息(我添加了一些其他日志记录)
2014-01-27 22:49:04,480 [http-bio-8090-exec-3] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}' 2014-01-27 22:49:04,480 [http-bio-8090-exec-4] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}' 2014-01-27 23:06:19,654 [http-bio-8090-exec-7] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}' 2014-01-27 23:06:19,833 [http-bio-8090-exec-8] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}' authentication grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4a600: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: grails.anonymous.user; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 951C58071D49B3E3AB6D55C158C46B43; Granted Authorities: ROLE_ANONYMOUS is NOT logged in 2014-01-27 23:06:29,147 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Request is to process authentication 2014-01-27 23:06:30,115 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 2014-01-27 23:06:30,115 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication 2014-01-27 23:06:30,115 [http-bio-8090-exec-9] DEBUG authentication.RequestHolderAuthenticationFilter - Delegating to authentication failure handler grails.plugin.springsecurity.web.authentication.AjaxAwareAuthenticationFailureHandler@df9533 2014-01-27 23:06:30,116 [http-bio-8090-exec-9] DEBUG authentication.AjaxAwareAuthenticationFailureHandler - Redirecting to /login/authfail?login_error=1 2014-01-27 23:06:30,165 [http-bio-8090-exec-10] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}' authentication failed!!!! 2014-01-27 23:06:30,235 [http-bio-8090-exec-10] DEBUG filter.GrailsAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: '{0}' authentication grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4a600: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: grails.anonymous.user; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 951C58071D49B3E3AB6D55C158C46B43; Granted Authorities: ROLE_ANONYMOUS is NOT logged in
您从此堆栈跟踪中了解什么?如果需要更多信息,我会毫不犹豫地提供:)
根据我在日志中看到的内容,当我尝试使用在数据库中创建并验证的管理员用户登录时,Spring Security尝试使用无法访问这些页面的匿名用户登录。
这是一些更多的spring安全配置
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
]
grails.plugin.springsecurity.interceptUrlMap = [
'/candidate/*': ['ROLE_ADMIN'],
]
最佳答案
这里没什么要继续的:)只是说密码错误。
由于您没有提到这是从插件的1.2.x到2.x的升级,因此不应该存在配置问题。如果是这样,并且您未进行任何配置更改,则您将使用SHA-256哈希旧密码,但会将其与bcrypt哈希密码进行比较。另外,即使您将其配置为使用SHA-256,哈希迭代的次数也从1更改为10000,因此在Config.groovy中需要grails.plugin.springsecurity.password.hash.iterations = 1
。
所以我猜你是在BootStrap.groovy中显式地对密码进行哈希处理,例如
def user = new User(username: 'me', enabled: true, password: springSecurityService.encodePassword('super_secret')).save()
但是生成的用户类会自动为您哈希,因此哈希两次。如果这样做,请将BootStrap代码更改为
def user = new User(username: 'me', enabled: true, password: 'super_secret').save()
关于grails - 身份验证失败-Grails无法提供凭据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21392835/