I'm using the springsecurity plugin in Grails 2.0.1. My role hierarchy and other s2 properties are shown below.
grails.plugins.springsecurity.userLookup.userDomainClassName = 'myApp.security.User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'myApp.security.UserRole'
grails.plugins.springsecurity.authority.className = 'myApp.security.Role'
grails.plugins.springsecurity.successHandler.defaultTargetUrl="/index"
grails.plugins.springsecurity.securityConfigType = "Annotation"
//grails.plugins.springsecurity.rejectIfNoRule = true
grails.plugins.springsecurity.roleHierarchy = '''
ROLE_ADMIN > ROLE_OWNER_TRANSFER_PRIVILEGE
ROLE_OWNER_TRANSFER_PRIVILEGE > ROLE_OWNER
ROLE_OWNER > ROLE_USER_WRITE
'''
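According to the documentation, if my @secured annotation allows ROLE_USER_WRITE, then all the other roles also need to be allowed access. Likewise, if I use the tags, then ROLE_OWNER, ROLE_OWNER_TRANSFER_PRIVILEGE and ROLE_ADMIN must evaluate to true. However, this does not work; instead I had to list every role. I checked the debug log, and it looks like this: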
2012-06-01 09:28:14,802 [pool-5-thread-1] DEBUG hierarchicalroles.RoleHierarchyImpl - setHierarchy() - The following role hierarchy was set:
ROLE_ADMIN > ROLE_OWNER_TRANSFER_PRIVILEGE
ROLE_OWNER_TRANSFER_PRIVILEGE > ROLE_OWNER
ROLE_OWNER > ROLE_USER_WRITE
2012-06-01 09:28:14,802 [pool-5-thread-1] DEBUG hierarchicalroles.RoleHierarchyImpl - buildRolesReachableInOneStepMap() - From role ROLE_ADMIN one can reach role ROLE_OWNER_TRANSFER_PRIVILEGE in one step.
2012-06-01 09:28:14,802 [pool-5-thread-1] DEBUG hierarchicalroles.RoleHierarchyImpl - buildRolesReachableInOneStepMap() - From role ROLE_OWNER_TRANSFER_PRIVILEGE one can reach role ROLE_OWNER in one step.
2012-06-01 09:28:14,802 [pool-5-thread-1] DEBUG hierarchicalroles.RoleHierarchyImpl - buildRolesReachableInOneStepMap() - From role ROLE_OWNER one can reach role ROLE_USER_WRITE in one step.
2012-06-01 09:28:14,803 [pool-5-thread-1] DEBUG hierarchicalroles.RoleHierarchyImpl - buildRolesReachableInOneOrMoreStepsMap() - From role ROLE_ADMIN one can reach [ROLE_OWNER_TRANSFER_PRIVILEGE, ROLE_USER_WRITE, ROLE_OWNER] in one or more steps.
...
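It seems the role hierarchy is being created, but the roles are not enforced when the application runs. What am I doing wrong, and how can I get this to work as documented?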
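Added illustration, not part of the original question and not Spring Security or plugin code: a plain-Groovy model of what the hierarchy above is expected to mean at decision time, next to a check that ignores the hierarchy and so requires every role to be listed, which is the behaviour the question describes. All function names are hypothetical; the hierarchy string is copied from the question.

```groovy
// Added example (hypothetical helper names); hierarchy text copied from the question.
def hierarchy = '''
ROLE_ADMIN > ROLE_OWNER_TRANSFER_PRIVILEGE
ROLE_OWNER_TRANSFER_PRIVILEGE > ROLE_OWNER
ROLE_OWNER > ROLE_USER_WRITE
'''

// Parse "HIGHER > LOWER" lines into a map of roles reachable in one step.
Map<String, Set<String>> oneStep(String text) {
    Map<String, Set<String>> map = [:]
    text.readLines()*.trim().findAll { it }.each { line ->
        def (higher, lower) = line.split(/\s*>\s*/)
        map.get(higher, new LinkedHashSet<String>()) << lower
    }
    map
}

// Transitive closure: every role implied by 'role' in one or more steps.
// The 'seen' set also keeps the walk finite if the hierarchy contains a cycle.
Set<String> reachable(Map<String, Set<String>> steps, String role) {
    Set<String> seen = new LinkedHashSet<String>()
    Deque<String> todo = new ArrayDeque<String>([role])
    while (todo) {
        String current = todo.pop()
        (steps[current] ?: []).each { if (seen.add(it)) todo.push(it) }
    }
    seen
}

// Decision that ignores the hierarchy: only literally held authorities count.
boolean flatGrants(Collection<String> held, String required) {
    required in held
}

// Decision that applies the hierarchy: held authorities are expanded first.
boolean hierarchicalGrants(Map steps, Collection<String> held, String required) {
    held.any { it == required || required in reachable(steps, it) }
}

def steps = oneStep(hierarchy)
// Same set the debug log reports for ROLE_ADMIN "in one or more steps".
assert reachable(steps, 'ROLE_ADMIN') ==
        ['ROLE_OWNER_TRANSFER_PRIVILEGE', 'ROLE_OWNER', 'ROLE_USER_WRITE'] as Set
assert !flatGrants(['ROLE_ADMIN'], 'ROLE_USER_WRITE')               // hierarchy built but unused
assert hierarchicalGrants(steps, ['ROLE_ADMIN'], 'ROLE_USER_WRITE') // expected behaviour
assert !hierarchicalGrants(steps, ['ROLE_USER_WRITE'], 'ROLE_OWNER') // never grants upward
```

The model shows that a correctly built reachability map, as in the log, changes nothing unless the component making the access decision consults it.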