使用spring-security-core:2.0-RC5 插件,并添加
@Secured('ROLE_USER')
到人类控制器,当我去这个 URL
它假设将我转发到登录页面,因为此操作受到保护,但它给了我this page can't be displayed如下所示。如何解决这个问题。
2 回答
0
查看我的配置文件时,我发现:
grails.plugin.springsecurity.auth.forceHttps = true
当我评论它时,一切正常。
于 2015-12-17T13:31:01.643 回答
0
我不确定为什么没有方括号它就不能工作,但工作如下
@Secured(['ROLE_USER'])
或作为
@Secured(value=["hasRole('ROLE_USER')"])
很@Secured(['ROLE_USER'])明显,它采用角色列表而不是单个角色字符串。要将角色作为字符串提供,您应该使用 Secured 注释中的 value 属性,然后调用 hasRole('your_role')。
希望能帮助到你!
编辑
另外检查弹簧安全设置。以下是矿山:
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com..User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.UserRole'
grails.plugin.springsecurity.authority.className = 'com.Role'
grails.plugin.springsecurity.authority.groupAuthorityNameField = 'authorities'
grails.plugin.springsecurity.useRoleGroups = false
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.successHandler.defaultTargetUrl="/home/index"
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/error': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/shutdown': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/fonts/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/login/**': ['permitAll'],
'/logout/**': ['permitAll'],
'/dbconsole/**': ['ROLE_ADMIN'],
]
希望这些有帮助!
于 2015-12-17T02:33:23.960 回答