使用带有 grails spring security core 2.0RC4 的 Requestmap 重定向循环

Question

我一直在使用 grails 2.4.4 面对 Failed to load resource: net::ERR_TOO_MANY_REDIRECTS。我在com.usermanagement.auth 包中有User、Role 和Requestmap（这些是用s2-quickstart 生成的）。 Requestmaps，用户和角色似乎都存储在数据库中（我使用的是mysql）。

BuildConfig.groovy

编译“:spring-security-core:2.0-RC4”

Bootstrap.groovy 关于初始化方法

        User admin = new User(username:'admin', password:'secret', enabled:true).save()
        User john = new User(username:'john', password:'secret', enabled:true).save()
        User jane = new User(username:'jane', password:'secret', enabled:true).save()
        Role royalty = new Role(authority: 'ROLE_ROYALTY').save()
        Role common = new Role(authority: 'ROLE_COMMON').save()
        UserRole.create(admin, royalty)
        UserRole.create(admin, common)
        UserRole.create(john, common)

        for (String url in [
                '/', '/index', '/index.gsp', '/**/favicon.ico',
                '/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
                '/login', '/login.*', '/login/*',
                '/logout', '/logout.*', '/logout/*']) {
            new Requestmap(url: url, configAttribute: 'permitAll').save()
        }

        new Requestmap(url: '/*', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
        new Requestmap(url: '/dbconsole/**', configAttribute: 'permitAll').save();
        new Requestmap(url: '/logout/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,IS_AUTHENTICATED_FULLY').save();
        new Requestmap(url: '/login/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
        new Requestmap(url: '/index/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
        new Requestmap(url: '/', configAttribute: 'permitAll').save();

Config.groovy

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.usermanagement.auth.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.usermanagement.auth.UserRole'
grails.plugin.springsecurity.authority.className = 'com.usermanagement.auth.Role'
grails.plugin.springsecurity.requestMap.className = 'com.usermanagement.auth.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.rejectIfNoRule = true

每当我尝试访问 localhost:8080/appname/ 时，都会在重定向到 http://localhost:8080/appname/login/auth 后导致重定向错误过多。什么可能导致此问题？我什至无法访问 dbconsole。

Answer 1

事实证明，这是https://jira.grails.org/browse/GPSPRINGSECURITYCORE-312 中提到的一个错误。 Spring Security Core 无法加载存储在 Grails 2.4.4 数据库中的 RequestMaps。我遵循了链接中提到的解决方法；我基本上将休眠插件从 4.3.6.1 降级到 4.3.5.5。还提到了其他解决方法。但这对我有用。

// runtime ":hibernate4:4.3.6.1" // or ":hibernate:3.6.10.18"
runtime ":hibernate4:4.3.5.5" // or ":hibernate:3.6.10.17"

Answer 2

我在使用 Grails 3.2.3 和 spring-security-core:3.1.1 时遇到了同样的问题。 hibernate5 插件导致了这个问题。更改为 hibernate4 插件后，它似乎工作正常。

Answer 3

它对我有用....

    if (!Requestmap.count()) {

        for (String url in [
                '/' , '/error', '/index', '/index.gsp', '/**/favicon.ico', '/shutdown',
                '/**/js/**', '/**/css/**', '/**/images/**',
                '/login', '/login.*', '/login/*',
                '/logout', '/logout.*', '/logout/*', '/assets/**','/home/repopulate']) {
            new Requestmap(url: url, configAttribute: 'permitAll').save(flush:true)
        }

        new Requestmap(url: "/**", configAttribute: 'ROLE_ADMIN').save(flush:true)

        //TODO: eliminar para cerrar por roles el request
        //new Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_FULLY').save(flush:true)

    }
    springSecurityService.clearCachedRequestmaps()