I have upgraded my current spring security plugins to
- spring-security-core-2.0-RC2
- spring-security-ui-1.0-RC1
PROBLEM
and I noticed that my login screen no longer shows up. In Chrome it says This page has a redirect loop
STEPS TO RECREATE THE PROBLEM
So I have tried to create a brand new application called Test to try to isolate the problem.
First, I installed the security and security-ui plugins by adding the following entries in the BuildConfig.groovy:
compile ":spring-security-core:2.0-RC2"
compile ":spring-security-ui:1.0-RC1"
Second I ran the quick start command as follows:
grails s2-quickstart security Person Authority Requestmap
and it created 4 domain objects as follows under a package called security: Authority.groovy, Person.groovy, PersonAuthority.groovy and Requestmap.groovy
as well as added the following to my Config.groovy
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'security.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'security.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'security.Authority'
grails.plugin.springsecurity.requestMap.className = 'security.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
Finally, I have run the app by doing a grails run-app command where I would expect the login page (auth.gsp) that now is no longer part of your code but of the plugin (by design) to be returned
C\myPathToGrails\.grails\2.2.2\projects\Test\plugins\spring-security-core-2.0-RC2\grails-app\views\login\auth.gsp
but instead I get a blank page stating that this page has a redirect loop.
I have also added the following staticRules, cleaning the app, and re-running it again to see if it would fix the problem but the redirect message still ocurred.
'/login/**': ['permitAll'],
'/login/auth/**': ['permitAll'],
'/login.gsp': ['permitAll']
Anybody has any idea of how to get around this?
Thanks in advance.
You're using Requestmap as security config type, your controllerAnnotations.staticRules does not have any effect.
You need configure rules in RequestMap table, and enable your login controller and public pages to anonymous can access without login like:
new Requestmap(url: '/*', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/logout/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,IS_AUTHENTICATED_FULLY').save();
new Requestmap(url: '/login/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save()
new Requestmap(url: '/index/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
Thanks Mr Ignacio Ocampo for your help.
These lines have to be added in bootstrap.groovy.
Thanks Alot.
class BootStrap {
def springSecurityService
def grailsApplication
def init = { servletContext ->
println "In bootstrap Init"
//Added so that these urls can be visible to everyone
new Requestmap(url: '/*', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/logout/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,IS_AUTHENTICATED_FULLY').save();
new Requestmap(url: '/login/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save()
new Requestmap(url: '/index/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
println 'Bootstrap init done'
}
def destroy = {
}
}
来源:https://stackoverflow.com/questions/20668999/grails-spring-security-fails-to-present-the-login-page-due-to-a-redirect-loop