如何解决为什么我无法使用grails框架1.3.7中安装的spring security和weceem插件登录
|| 我正在使用weceem 1.0RC2,spring-security-core 1.1.3,spring-security-ui 0.1.2,weceem-spring-security 1.0及其依赖项安装几乎干净的grails 1.3.7项目。 除用户登录外,其他一切正常。当我想通过http:// localhost:8080 / appname / login登录时,我只会收到以下错误消息:Sorry,we were not able to find a user with that username and password.
import grails.converters.JSON
import javax.servlet.http.HttpServletResponse
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.security.authentication.AccountExpiredException
import org.springframework.security.authentication.CredentialsExpiredException
import org.springframework.security.authentication.disabledException
import org.springframework.security.authentication.LockedException
import org.springframework.security.core.context.SecurityContextHolder as SCH
import org.springframework.security.web.WebAttributes
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
class LoginController {
/**
* Dependency injection for the authenticationTrustResolver.
*/
def authenticationTrustResolver
/**
* Dependency injection for the springSecurityService.
*/
def springSecurityService
/**
* Default action; redirects to \'defaultTargetUrl\' if logged in,/login/auth otherwise.
*/
def index = {
if (springSecurityService.isLoggedIn()) {
redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
}
else {
redirect action: auth,params: params
}
}
/**
* Show the login page.
*/
def auth = {
def config = SpringSecurityUtils.securityConfig
if (springSecurityService.isLoggedIn()) {
redirect uri: config.successHandler.defaultTargetUrl
return
}
String view = \'auth\'
String postUrl = \"${request.contextpath}${config.apf.filterProcessesUrl}\"
render view: view,model: [postUrl: postUrl,rememberMeParameter: config.rememberMe.parameter]
}
/**
* The redirect action for Ajax requests.
*/
def authAjax = {
response.setHeader \'Location\',SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
response.sendError HttpServletResponse.SC_UNAUTHORIZED
}
/**
* Show denied page.
*/
def denied = {
if (springSecurityService.isLoggedIn() &&
authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
// have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
redirect action: full,params: params
}
}
/**
* Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.
*/
def full = {
def config = SpringSecurityUtils.securityConfig
render view: \'auth\',params: params,model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),postUrl: \"${request.contextpath}${config.apf.filterProcessesUrl}\"]
}
/**
* Callback after a Failed login. Redirects to the auth page with a warning message.
*/
def authfail = {
def username = session[UsernamePasswordAuthenticationFilter.SPRING_Security_LAST_USERNAME_KEY]
String msg = \'\'
def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
if (exception) {
if (exception instanceof AccountExpiredException) {
msg = SpringSecurityUtils.securityConfig.errors.login.expired
}
else if (exception instanceof CredentialsExpiredException) {
msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
}
else if (exception instanceof disabledException) {
msg = SpringSecurityUtils.securityConfig.errors.login.disabled
}
else if (exception instanceof LockedException) {
msg = SpringSecurityUtils.securityConfig.errors.login.locked
}
else {
msg = SpringSecurityUtils.securityConfig.errors.login.fail
}
}
if (springSecurityService.isAjax(request)) {
render([error: msg] as JSON)
}
else {
flash.message = msg
redirect action: auth,params: params
}
}
/**
* The Ajax success redirect url.
*/
def ajaxSuccess = {
render([success: true,username: springSecurityService.authentication.name] as JSON)
}
/**
* The Ajax denied redirect url.
*/
def ajaxDenied = {
render([error: \'access denied\'] as JSON)
}
}
解决方法
我刚刚解决了一个症状相同的问题。
原来,我在Config.groovy中使用的映射闭包有一个错字,并且我正在将一个不存在的字段映射到用户的weceem视图中的\'password \'字段。
因此,插件注入的自定义UserDetailsService只是讨厌我的用户对象,没有任何效果。
我在映射的域侧将passwd更改为password,以使其与我的User对象中的实际值匹配,并且一切正常。
, 从您提供的少量信息中分辨出来有点棘手。 Weceem Spring Security插件将Spring Security Core桥接到Weceem的身份验证机制。
它通过提供自定义UserDetailsService实现来实现此目的,该实现从域类映射到Spring Security Core使用的会话数据对象。
此登录URL,是否已映射到您自己的登录控制器(如上所示)? weceem-spring-security插件中的UserDetailsService使用配置的用户域类来调用findByUsername(username):
void afterPropertiesSet() {
def conf = grailsApplication.config
def clsname = conf.grails.plugins.springsecurity.userLookup.userDomainClassName
domainClass = grailsApplication.getDomainClass(clsname).clazz
def mapper = conf.weceem.springsecurity.details.mapper
if (!(mapper instanceof Closure)) {
throw new IllegalArgumentException(
\"Your Config must specify a closure in weceem.springsecurity.details.mapper \"+
\"that maps the domain model to a non-domain object,providing at least: ${REQUIRED_MAPPED_FIELDS}\")
}
detailsMapper = mapper
}
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
domainClass.withTransaction { status ->
def user = domainClass.findByUsername(username)
if (!user) throw new UsernameNotFoundException(\'User not found\',username)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
