我正在使用Sec插件3.1.2测试Grails 3.2.9。
在 bootstrap 中创建了一个角色为ROLE_ADMIN的用户,并为测试 Controller “note”添加了对interceptUrlMap的权限。与该用户成功登录后,我在日志中看到我的管理员具有ROLE_NO_ROLES并被拒绝访问note Controller 。
User, role and user role association is on the database.
def adminRole = Role.findOrSaveByAuthority('ROLE_ADMIN')
def admin = new User(username: 'admin', password: 'admin').save()
UserRole.create admin, adminRole
application.groovy
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.cabolabs.security.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.cabolabs.security.UserRole'
grails.plugin.springsecurity.authority.className = 'com.cabolabs.security.Role'
grails.plugin.springsecurity.authority.groupAuthorityNameField = 'authorities'
grails.plugin.springsecurity.useRoleGroups = true
...
grails.plugin.springsecurity.interceptUrlMap = [
[pattern: '/note/**', access: ['ROLE_ADMIN']],
[pattern: '/patient/**', access: ['ROLE_ADMIN']],
[pattern: '/login/**', access: ['permitAll']],
[pattern: '/logout', access: ['permitAll']],
[pattern: '/logout/**', access: ['permitAll']],
[pattern: '/dbconsole/**', access: ['permitAll']],
[pattern: '/**', access: ["IS_AUTHENTICATED_FULLY"]]
]
...
Logs after login, when I try to go to /note/index
2017-05-11 23:32:15.793 DEBUG --- [nio-8091-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@8d34560b: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_NO_ROLES; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F0902A19E19C23D30B452C332C6C5728; Granted Authorities: ROLE_NO_ROLES
2017-05-11 23:32:15.793 DEBUG --- [nio-8091-exec-4] o.s.s.a.h.RoleHierarchyImpl : getReachableGrantedAuthorities() - From the roles [ROLE_NO_ROLES] one can reach [ROLE_NO_ROLES] in zero or more steps.
2017-05-11 23:32:15.805 DEBUG --- [nio-8091-exec-4] tContextHolderExceptionTranslationFilter : Access is denied (user is not anonymous); delegating to AccessDeniedHandler
有什么想法吗?
试图在Sec插件文档中查找指针,但是只提到了ROLE_NO_ROLES一次,并且在用户没有角色时分配了该指针,不是这种情况。
最佳答案
如果您的useRoleGroups = true,则必须使用以下命令填充数据库:
Role adminRole = new Role("ROLE_ADMIN").save()
RoleGroup adminGroup = new RoleGroup("GROUP_ADMIN").save()
RoleGroupRole.create(adminGroup, adminRole, true)
User user = new User("<username>", "<password>").save()
UserRoleGroup.create(user, adminGroup, true)
代替
def adminRole = Role.findOrSaveByAuthority('ROLE_ADMIN')
def admin = new User(username: 'admin', password: 'admin').save()
UserRole.create admin, adminRole
关于grails - 具有角色ROLE_ADMIN的用户的Grails Security 3.1.2登录显示ROLE_NO_ROLES为权限,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43928549/