使用 grails spring security core 2.0RC4 的 Requestmap 重定向循环
Redirect Loop with Requestmap with grails spring security core 2.0RC4
我一直在用 grails 2.4.4 面对 Failed to load resource: net::ERR_TOO_MANY_REDIRECTS。我在 com.usermanagement.auth 包中有 User、Role 和 Requestmap(它们是用 s2-quickstart 生成的)。请求映射、用户和角色似乎存储在数据库中(我正在使用 mysql)。
BuildConfig.groovy
编译“:spring-security-core:2.0-RC4”
Bootstrap.groovy
在初始化方法上
User admin = new User(username:'admin', password:'secret', enabled:true).save()
User john = new User(username:'john', password:'secret', enabled:true).save()
User jane = new User(username:'jane', password:'secret', enabled:true).save()
Role royalty = new Role(authority: 'ROLE_ROYALTY').save()
Role common = new Role(authority: 'ROLE_COMMON').save()
UserRole.create(admin, royalty)
UserRole.create(admin, common)
UserRole.create(john, common)
for (String url in [
'/', '/index', '/index.gsp', '/**/favicon.ico',
'/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
'/login', '/login.*', '/login/*',
'/logout', '/logout.*', '/logout/*']) {
new Requestmap(url: url, configAttribute: 'permitAll').save()
}
new Requestmap(url: '/*', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/dbconsole/**', configAttribute: 'permitAll').save();
new Requestmap(url: '/logout/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,IS_AUTHENTICATED_FULLY').save();
new Requestmap(url: '/login/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/index/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/', configAttribute: 'permitAll').save();
Config.groovy
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.usermanagement.auth.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.usermanagement.auth.UserRole'
grails.plugin.springsecurity.authority.className = 'com.usermanagement.auth.Role'
grails.plugin.springsecurity.requestMap.className = 'com.usermanagement.auth.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.rejectIfNoRule = true
每当我尝试访问 localhost:8080/appname/ 时,这会导致重定向到 http://localhost:8080/appname/login/auth 后出现太多重定向错误。可能导致此问题的原因是什么?我什至无法访问 dbconsole。
事实证明,这是 https://jira.grails.org/browse/GPSPRINGSECURITYCORE-312 中提到的错误。 Spring Security Core 无法加载存储在 Grails 2.4.4 数据库中的 RequestMaps。我遵循了 link 中提到的解决方法;我基本上将 hibernate 插件从 4.3.6.1 降级到 4.3.5.5。还提到了其他解决方法。但这对我有用。
// runtime ":hibernate4:4.3.6.1" // or ":hibernate:3.6.10.18"
runtime ":hibernate4:4.3.5.5" // or ":hibernate:3.6.10.17"
我在 Grails 3.2.3 和 spring-security-core:3.1.1 中遇到了同样的问题。 hibernate5 插件导致了问题。更改为 hibernate4 插件后,它似乎可以正常工作。
它适合我....
if (!Requestmap.count()) {
for (String url in [
'/' , '/error', '/index', '/index.gsp', '/**/favicon.ico', '/shutdown',
'/**/js/**', '/**/css/**', '/**/images/**',
'/login', '/login.*', '/login/*',
'/logout', '/logout.*', '/logout/*', '/assets/**','/home/repopulate']) {
new Requestmap(url: url, configAttribute: 'permitAll').save(flush:true)
}
new Requestmap(url: "/**", configAttribute: 'ROLE_ADMIN').save(flush:true)
//TODO: eliminar para cerrar por roles el request
//new Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_FULLY').save(flush:true)
}
springSecurityService.clearCachedRequestmaps()
我一直在用 grails 2.4.4 面对 Failed to load resource: net::ERR_TOO_MANY_REDIRECTS。我在 com.usermanagement.auth 包中有 User、Role 和 Requestmap(它们是用 s2-quickstart 生成的)。请求映射、用户和角色似乎存储在数据库中(我正在使用 mysql)。
BuildConfig.groovy
编译“:spring-security-core:2.0-RC4”
Bootstrap.groovy 在初始化方法上
User admin = new User(username:'admin', password:'secret', enabled:true).save()
User john = new User(username:'john', password:'secret', enabled:true).save()
User jane = new User(username:'jane', password:'secret', enabled:true).save()
Role royalty = new Role(authority: 'ROLE_ROYALTY').save()
Role common = new Role(authority: 'ROLE_COMMON').save()
UserRole.create(admin, royalty)
UserRole.create(admin, common)
UserRole.create(john, common)
for (String url in [
'/', '/index', '/index.gsp', '/**/favicon.ico',
'/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
'/login', '/login.*', '/login/*',
'/logout', '/logout.*', '/logout/*']) {
new Requestmap(url: url, configAttribute: 'permitAll').save()
}
new Requestmap(url: '/*', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/dbconsole/**', configAttribute: 'permitAll').save();
new Requestmap(url: '/logout/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,IS_AUTHENTICATED_FULLY').save();
new Requestmap(url: '/login/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/index/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/', configAttribute: 'permitAll').save();
Config.groovy
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.usermanagement.auth.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.usermanagement.auth.UserRole'
grails.plugin.springsecurity.authority.className = 'com.usermanagement.auth.Role'
grails.plugin.springsecurity.requestMap.className = 'com.usermanagement.auth.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.rejectIfNoRule = true
每当我尝试访问 localhost:8080/appname/ 时,这会导致重定向到 http://localhost:8080/appname/login/auth 后出现太多重定向错误。可能导致此问题的原因是什么?我什至无法访问 dbconsole。
事实证明,这是 https://jira.grails.org/browse/GPSPRINGSECURITYCORE-312 中提到的错误。 Spring Security Core 无法加载存储在 Grails 2.4.4 数据库中的 RequestMaps。我遵循了 link 中提到的解决方法;我基本上将 hibernate 插件从 4.3.6.1 降级到 4.3.5.5。还提到了其他解决方法。但这对我有用。
// runtime ":hibernate4:4.3.6.1" // or ":hibernate:3.6.10.18"
runtime ":hibernate4:4.3.5.5" // or ":hibernate:3.6.10.17"
我在 Grails 3.2.3 和 spring-security-core:3.1.1 中遇到了同样的问题。 hibernate5 插件导致了问题。更改为 hibernate4 插件后,它似乎可以正常工作。
它适合我....
if (!Requestmap.count()) {
for (String url in [
'/' , '/error', '/index', '/index.gsp', '/**/favicon.ico', '/shutdown',
'/**/js/**', '/**/css/**', '/**/images/**',
'/login', '/login.*', '/login/*',
'/logout', '/logout.*', '/logout/*', '/assets/**','/home/repopulate']) {
new Requestmap(url: url, configAttribute: 'permitAll').save(flush:true)
}
new Requestmap(url: "/**", configAttribute: 'ROLE_ADMIN').save(flush:true)
//TODO: eliminar para cerrar por roles el request
//new Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_FULLY').save(flush:true)
}
springSecurityService.clearCachedRequestmaps()