0
在我的Grails應用程序中成功使用Spring Security時遇到問題。我安裝了彈簧安全核心插件,然後運行命令來執行初始設置:分別在引導過程中返回null SecurityContext的Spring安全性
s2-quickstart my.package ReUser ReRole
,其中重用器和ReRole是我的用戶和角色域類。然後,我繼續按照Peter Ledbrook的簡化的Spring Security屏幕中的設置說明進行操作,但是當我真正嘗試運行應用程序並驗證用戶時,我遇到了麻煩。我在Bootstrap中創建的用戶名永遠不會被識別(帶有BadCredentialsException),而且如果我從未存儲過這些用戶,角色和聯接類的值。但是它們存儲的是Bootstrap中保存的值的數量。同時,相關的類Config.groovy中被正確地鑑定爲:
grails.plugins.springsecurity.userLookup.userDomainClassName = 're.sec.ReUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 're.sec.ReUserReRole'
grails.plugins.springsecurity.authority.className = 're.sec.ReRole'
這些結果讓我大惑不解,直到我發現在我的日誌順序如下:
web.FilterChainProxy Converted URL to lowercase, from: '/index.gsp'; to: '/index.gsp'
web.FilterChainProxy Candidate is: '/index.gsp'; pattern is /**; matched=true
web.FilterChainProxy /index.gsp at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository No HttpSession currently exists
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
web.FilterChainProxy /index.gsp at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /index.gsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /index.gsp at position 5 of 8 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 6 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
authentication.AnonymousAuthenticationFilter Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
web.FilterChainProxy /index.gsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /index.gsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Public object - authentication not attempted
web.FilterChainProxy /index.gsp reached end of additional filter chain; proceeding with original chain
access.ExceptionTranslationFilter Chain processed normally
context.HttpSessionSecurityContextRepository SecurityContext is empty or anonymous - context will not be stored in HttpSession.
context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed
做這些enties(特別是'SecurityContext是空的或匿名的 - 上下文不會存儲在HttpSession中',所有這些都在Bootstraping過程中顯示出來)解釋爲什麼我的應用程序不能識別我在Bootstrap期間嘗試存儲的用戶名/密碼?我究竟做錯了什麼?
不,我想我錯過了那個筆記。你的建議爲我解決了一些問題。謝謝。 – user1137128 2012-02-02 00:00:38