grails - Spring Security 3.0.3-如果在插件或子插件中定义YML安全配置将不起作用

Question

问题陈述

信封:
JDK 1.7
Grails 3.1.4
Spring 证券3.0.3

我们有以下项目结构
Grails应用
-我的自定义安全插件
-Grails Spring Security 3.0.3

我在自定义安全插件中定义了以下YML
应用程序

grails:
    plugin:
        springsecurity:
            active: true
            password.algorithm: 'bcrypt'
            userLookup.userDomainClassName: 'com.etorient.products.smeerp.User'
            userLookup.userAuthorityGroupsPropertyName: 'activeRightGroups'
            userLookup.userGroupPropertyName: 'activeUserGroups'
            userLookup.userGroupAuthoritiesPropertyName: 'activeAccessRights'
            userLookup.userGroupAuthorityGroupsPropertyName: 'activeRightGroups'
            userLookup.groupAuthoritiesPropertyName: 'activeAccessRights'
            userLookup.enabledPropertyName: "active"
            authority.className: 'com.etorient.products.smeerp.AccessRight'
            authority.nameField: 'rightText'
            authority.userLookup.authoritiesPropertyName: 'activeAccessRights'
            authority.userLookup.authorityJoinClassName: 'com.etorient.products.smeerp.SecUserAccessRight'
            useRoleGroups: true
            logout.postOnly: false
            rejectIfNoRule: false
            fii.rejectPublicInvocations: false
            successHandler.defaultTargetUrl: '/admin'
            securityConfigType: 'Annotation'
            controllerAnnotations.staticRules: 
                - pattern: '/'
                  access: ['permitAll']
                - pattern: '/error'
                  access: ['permitAll']
                - pattern: '/index'
                  access: ['permitAll']
                - pattern: '/index.gsp'
                  access: ['permitAll']
                - pattern: '**/assets**/**'
                  access: ['permitAll']
                - pattern: '/assets/**'
                  access: ['permitAll']
                - pattern: '/**/js/**'
                  access: ['permitAll']
                - pattern: '/error'
                  access: ['permitAll']
                - pattern: '/**/css/**'
                  access: ['permitAll']
                - pattern: '/**/images/**'
                  access: ['permitAll']
                - pattern: '/**/fonts/**'
                  access: ['permitAll']
                - pattern: '/**/favicon.ico'
                  access: ['permitAll']
                - pattern: '/**/resources**/**'
                  access: ['permitAll']
                - pattern: '/login'
                  access: ['permitAll']
                - pattern: '/login.*'
                  access: ['permitAll']
                - pattern: '/login/*'
                  access: ['permitAll']
                - pattern: '/logout'
                  access: ['permitAll']
                - pattern: '/logout.*'
                  access: ['permitAll']
                - pattern: '/logout/*'
                  access: ['permitAll']

问题:

Grails从不采用YML静态规则。要求对所有资源进行身份验证。
YML定义是否有问题或其错误？

Answer 1

您可以在/ conf目录中创建文件application.groovy，并且该文件可以包含规则，例如:

grails {
    plugin {
        springsecurity {
            .
            .
            .
            interceptUrlMap = [
                    [pattern: '/',                                          access: ['permitAll']],
                    [pattern: '/error',                                     access: ['permitAll']]
                    .
                    .
                    .
            ]
        }
    }
}