grails - 为什么我无法使用 grails 框架 1.3.7 中安装的 spring secu

我正在开发一个几乎干净的 grails 1.3.7 项目,其中安装了 weceem 1.0RC2、spring-security-core 1.1.3、spring-security-ui 0.1.2、weceem-spring-security 1.0 及其依赖项。

除用户登录外,一切正常。当我想通过 http://localhost:8080/appname/login 登录时我只收到以下错误消息:

Sorry, we were not able to find a user with that username and password.

但是该用户仍然存在于数据库中,如果我使用由 spring-security-ui 创建的用户,我会收到相同的错误消息。要对密码进行编码,我使用的是 springSecurityService.encodePassword('password')。 LoginController 由 spring-security (s2-quickstart) 生成。

我认为 weceem - spring-security 桥可能有问题,你有什么意见?

最好的祝福,
whitenexx
import grails.converters.JSON
import javax.servlet.http.HttpServletResponse
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.security.authentication.AccountExpiredException
import org.springframework.security.authentication.CredentialsExpiredException
import org.springframework.security.authentication.DisabledException
import org.springframework.security.authentication.LockedException
import org.springframework.security.core.context.SecurityContextHolder as SCH
import org.springframework.security.web.WebAttributes
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

class LoginController {

/**
 * Dependency injection for the authenticationTrustResolver.
 */
def authenticationTrustResolver

/**
 * Dependency injection for the springSecurityService.
 */
def springSecurityService

/**
 * Default action; redirects to 'defaultTargetUrl' if logged in, /login/auth otherwise.
 */
def index = {
    if (springSecurityService.isLoggedIn()) {
        redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
    }
    else {
        redirect action: auth, params: params
    }
}

/**
 * Show the login page.
 */
def auth = {

    def config = SpringSecurityUtils.securityConfig

    if (springSecurityService.isLoggedIn()) {
        redirect uri: config.successHandler.defaultTargetUrl
        return
    }

    String view = 'auth'
    String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
    render view: view, model: [postUrl: postUrl,
                rememberMeParameter: config.rememberMe.parameter]
}

/**
 * The redirect action for Ajax requests. 
 */
def authAjax = {
    response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
    response.sendError HttpServletResponse.SC_UNAUTHORIZED
}

/**
 * Show denied page.
 */
def denied = {
    if (springSecurityService.isLoggedIn() &&
    authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
        // have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
        redirect action: full, params: params
    }
}

/**
 * Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.
 */
def full = {
    def config = SpringSecurityUtils.securityConfig
    render view: 'auth', params: params,
            model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),
                postUrl: "${request.contextPath}${config.apf.filterProcessesUrl}"]
}

/**
 * Callback after a failed login. Redirects to the auth page with a warning message.
 */
def authfail = {

    def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
    String msg = ''
    def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
    if (exception) {
        if (exception instanceof AccountExpiredException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.expired
        }
        else if (exception instanceof CredentialsExpiredException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
        }
        else if (exception instanceof DisabledException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.disabled
        }
        else if (exception instanceof LockedException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.locked
        }
        else {
            msg = SpringSecurityUtils.securityConfig.errors.login.fail
        }
    }

    if (springSecurityService.isAjax(request)) {
        render([error: msg] as JSON)
    }
    else {
        flash.message = msg
        redirect action: auth, params: params
    }
}

/**
 * The Ajax success redirect url.
 */
def ajaxSuccess = {
    render([success: true, username: springSecurityService.authentication.name] as JSON)
}

/**
 * The Ajax denied redirect url.
 */
def ajaxDenied = {
    render([error: 'access denied'] as JSON)
}
}

最佳答案

我刚刚解决了一个症状相同的问题。

事实证明,我在 Config.groovy 中的映射闭包有错字,我将一个不存在的字段映射到用户 weceem View 中的“密码”字段。

所以插件注入(inject)的自定义 UserDetailsS​​ervice 只是讨厌我的用户对象,并且没有任何工作正常。

我在映射的域侧将 passwd 更改为密码,以使其与我的 User 对象中的实际内容相匹配,并且一切正常。

关于grails - 为什么我无法使用 grails 框架 1.3.7 中安装的 spring security 和 weceem 插件登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6341348/

相关文章:

grails - Grails脚本调用我自己的Java类

grails - 集成测试查找资源中的问题

grails - Grails安全过滤器和/index.gsp

list - 如何在Grails中过滤列表以仅显示特定用户的 'belongsTo'?

grails - 基于WSDL的Groovy/Grails模拟Web服务

sorting - 从Select标记获取值(Grails)

Grails - Controller 如何连接两个表并在一个 gsp 上显示?

grails - grails复合ID无效

grails - 与Grails的零对多关系?

validation - 拉丁字母的Grails约束