【发布时间】:2015-08-02 01:34:44
【问题描述】:
我将 Siteminder 与应用程序一起使用,但使用 spring security core 插件来管理所有其他方面的安全性。我没有被某些需要特定角色的资源阻止,尽管如果我尝试点击该 url,我会被踢到 requestHeaderAuthenticationFilter。
Config.groovy
...
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.providerNames = ['preauthAuthProvider', 'anonymousAuthenticationProvider']
grails.plugin.springsecurity.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.chainMap = [
'/assets/**': 'anonymousAuthenticationFilter',
'/public/**': 'anonymousAuthenticationFilter',
'/auth/**': 'requestHeaderAuthenticationFilter'
]
grails.plugin.springsecurity.x509.checkForPrincipalChanges = 'true'
grails.plugin.springsecurity.logout.afterLogoutUrl='/public/'
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/auth/home'
grails.plugin.springsecurity.interceptUrlMap = [
'/auth/admin': ['ROLE_SYSTEM_ADMIN'],
'/auth/constant/**': ['ROLE_SYSTEM_ADMIN'],
'/assets/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/public/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/auth/**': ['IS_AUTHENTICATED_FULLY']
]
当我使用 taglib 是否显示链接时,它按预期工作:
<sec:ifAnyGranted roles="ROLE_SYSTEM_ADMIN">
<g:link uri="/auth/admin">Admin</g:link>
</sec:ifAnyGranted>
我在 URLMappings 中的组中拥有所有内容:
static mappings = {
group("/auth") {
"/constant/$action?/$id?(.${format})?"(controller: 'constant')
"/admin"(view:'/admin')
"/"(controller:'index',action:'home')
"/home"(controller:'index',action:'home')
}
group("/public") {
"/"(controller:'index',action:'public')
"/index"(controller:'index',action:'public')
}
}
所以,标签似乎工作正常,但我仍然可以正常访问该链接,这意味着我的设置一定是在某个地方搞砸了。
Grails 2.4.3
Spring Security Core 2.0-RC4
【问题讨论】:
标签: grails spring-security grails-plugin