2

我正在尝试使用带有 angularjs 配置文件的 grails 3.2.0.M2来遵循http://alvarosanchez.github.io/grails-angularjs-springsecurity-workshop/上的教程。

build.gradle 有以下内容

 compile 'org.grails.plugins:spring-security-core:3.1.1'
 compile "org.grails.plugins:spring-security-rest:2.0.0.M2"

我的 application.groovy 有以下内容

grails.plugin.springsecurity.userLookup.userDomainClassName = 'workspace.kernel.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'workspace.kernel.UserRole'
grails.plugin.springsecurity.authority.className = 'workspace.kernel.Role'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.rejectIfNoRule = true

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/ats/**',       access: ['permitAll']],
    [pattern: '/login/**',       access: ['permitAll']],
    [pattern: '/index/**',       access: ['permitAll']],
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    //[pattern: '/welcome.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/dbconsole/**', access: ['permitAll']]

]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],
    [pattern: '/**',             filters: 'JOINED_FILTERS']
    //[pattern: '/**',         filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter']
]

我故意不使用'/api/**'前缀,因为我想我将不得不更改多个javascript。

我能够成功登录并获得令牌,但之后许多操作都返回 403 状态。例如

@Transactional
    @Secured(['ROLE_ADMIN'])
    def save(User user) {
        if (user == null) {
            transactionStatus.setRollbackOnly()
            render status: NOT_FOUND
            return
        }

        if (user.hasErrors()) {
            transactionStatus.setRollbackOnly()
            respond user.errors, view: 'create'
            return
        }

        user.save flush: true

        respond user, [status: CREATED, view: "show"]
    }

另一方面,一些请求根本不需要令牌!例如以下,无论是否缺少令牌,它都可以正常工作

 @Transactional
    @Secured(['ROLE_ADMIN'])
    def processUpload() {
        println params.file.getOriginalFilename()
        String xmlReponse = resumeParserService.parse(params.file.getBytes(), "txt")
        println 'response received'
        def xmlObj = new XmlSlurper().parseText(xmlReponse)
        println 'xml slurped'
        Map candidate =[:];
        candidate.firstName = xmlObj.personalInformation.firstname.text()
        candidate.lastName = xmlObj.personalInformation.lastname.text()
        candidate.email = xmlObj.personalInformation.email.text()
        candidate.mobile = xmlObj.personalInformation.phoneNumber.text()
        candidate.highestQualification = xmlObj.personalInformation.isced.name.text()
        xmlObj.binaryDocuments.document.each{
            if(it.class.text().startsWith('plot_')){
                candidate[it.class.text()] = it.binary.text()
            }
        }
       // println 'values assigned'
        println candidate
        render candidate as JSON
    }

最后,我的休息客户要求在此处输入图像描述 我对使我的网站无状态最不感兴趣;有没有办法让我所有的 grails 3 控制器都是静态的并且只使用 spring-security-core?

4

0 回答 0