方式一: @Secure
方式二: application.groovy
方式三: Requestmap 保存在数据库中.
悲观锁定
默认rejectNoRule = true,
那么所以没有配置的URL用户都不可访问
另外一个配置是fii.rejectPublicInvocations, 如果rejectNoRule是false,那么前者为true时,没有配置的URL访问会抛出IlleaglArgumentException,并显示error page.
在rejectNoRule=true或fii.rejectPublicInvocations=true时,可以使用下面配置.
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/index', access: ['permitAll']],
[pattern: '/index.gsp', access: ['permitAll']],
[pattern: '/shutdown', access: ['permitAll']],
[pattern: '/assets/**', access: ['permitAll']],
[pattern: '/**/js/**', access: ['permitAll']],
[pattern: '/**/css/**', access: ['permitAll']],
[pattern: '/**/images/**', access: ['permitAll']],
[pattern: '/**/favicon.ico', access: ['permitAll']],
[pattern: '/user/**', access: 'ROLE_USER'],
[pattern: '/admin/**', access: ['ROLE_ADMIN', 'isFullyAuthenticated()']],
[pattern: '/thing/register', access: 'isAuthenticated()', httpMethod: 'PUT']
]URLs 和Authorities
(1)IS_AUTHENTICATED_ANONYMOUSLY
SpEL表达式permitAll同等于它
(2)IS_AUTHENTICATED_REMEMBERED
SpEL表达式isAuthenticated()或isRemeberMe()等同于它
(3)IS_AUTHENTICATED_FULLY
SpEL表达式isFullyAuthenticated()等同于它
在Requestmap和application.groovy的方法中,URLS必须是小写.
Static Map
需要指定
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"然后在application.groovy中定义一个map
grails.plugin.springsecurity.interceptUrlMap = [
...
[pattern: '/secure/**', access: ['ROLE_ADMIN']],
[pattern: '/finance/**', access: ['ROLE_FINANCE', 'isFullyAuthenticated()']]
]| Traditional Config | Expression |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
最后欢迎大家访问我的个人网站:1024s
6312
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
