0

我正在使用带有 spring-security-rest、spring-security-core 和 spring-security-ui 插件的 Grails v2.4.2。

我正在尝试禁用 spring-security-rest 附带的 RestAuthenticationFilter ,以便我可以编写一个不区分大小写的自定义身份验证过滤器。

在我的 config.groovy 中,我使用了以下过滤器链图:

grails.plugin.springsecurity.filterChain.chainMap = [
'/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter,-restAuthenticationFilter'

]

我添加了“- restAuthenticationFilter ”以排除 RestAuthenticationFilter 但它仍在运行。

在通过 RestAuthenticationFilter 登录时,如何排除 RestAuthentication Filter 或者是否有更简单的方法可以为用户名添加不区分大小写的功能?

4

2 回答 2

2

似乎是2个不同的问题。

如果要排除 REST 身份验证过滤器,我认为您需要从链中删除 restTokenValidationFilter 和 restExceptionTranslationFilter 。

尝试

grails.plugin.springsecurity.filterChain.chainMap = [
'/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter,-restTokenValidationFilter,-restExceptionTranslationFilter'
]

如果您想让您的用户名不区分大小写,只需创建 GrailsUserDetailsS​​ervice 的自定义实现。实施 loadUserByUsername 以忽略用户名的大小写。

请参阅http://grails-plugins.github.io/grails-spring-security-core/guide/userDetailsS​​ervice.html

于 2015-04-13T16:57:49.337 回答
1

The plugin doesn't perform any authentication itself, but rather delegates it to the Spring's AuthenticationManager, which in turn uses any authentication provider configured. In your case, the provider used is DaoAuthenticationProvider, and it delegates user retrieval to the userDetailsService configured bean.

As @jstell pointed out, the core plugin provides a GormUserDetailsService that you will have to subclass, override the method loadUserByUsername(String username, boolean loadRoles), and configure in resources.groovy as userDetailsService bean.

于 2015-04-14T07:39:46.383 回答