问题
hi In my grails application I am using spring security
in one of my view page (GSP) i am making an ajax call to an action in one of the controller but the request is denied and i end up in the "ajaxDenied()' action in Login controller
here is my ajax call
function setTagged(id)
{
alert(id);
$.ajax({
url: "./email/setTagged",
type:"post",
// data:{ids:JSON.stringify(idList), option:option, id:id}
success: function(data) {
alert(data); //<-----this logs the data in browser's console
},
error: function(xhr){
alert(xhr.responseText); //<----when no data alert the err msg
}
});
alert("here 1");
}
here is my config.groovy part where spring security plugin allows which pages to be accesible
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.spi.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.spi.UserRole'
grails.plugin.springsecurity.authority.className = 'com.spi.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/login/*': ['permitAll'],
'/home/*': ['permitAll'],
'/logout/*': ['permitAll'],
'/message/*': ['permitAll'],
'/ticket/*': ['permitAll'],
'/email/*': ['permitAll'],
'/role/*': ['permitAll'],
'/user/*': ['permitAll'],
'/index.gsp': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']]
any suggestion how can i call any action from my own controllers via an ajax call ???
回答1:
What is the version of your spring-security plugin ?
I don't know if it is the problem, but the version 2.0 is more aggressively secure by default and use the pessimistic lockdown (What's New and Pessimistic Lockdown).
Did you define the @secured annotation for your action ?
来源:https://stackoverflow.com/questions/23166828/ajax-request-denied-in-spring-security-grails