spring - Grails Spring Security 插件和 dbconsole

Question

我使用 grails 2.4.3 并安装了官方的 grails 安全插件

compile ":spring-security-core:2.0-RC4"

在安装插件之前，我可以使用 url 访问数据库控制台页面

http://localhost:8080/tobu/dbconsole

但是，安装插件后，我无法这样做。当我尝试访问上述 URl 并通过任何用户帐户登录显示“访问被拒绝”页面时，我得到默认登录屏幕。我该如何解决这个问题？

grails.project.groupId = appName 

grails.mime.disable.accept.header.userAgents = ['Gecko', 'WebKit', 'Presto', 'Trident']
grails.mime.types = [ // the first one is the default format
all:           '*/*', // 'all' maps to '*' or the first available format in withFormat
atom:          'application/atom+xml',
css:           'text/css',
csv:           'text/csv',
form:          'application/x-www-form-urlencoded',
html:          ['text/html','application/xhtml+xml'],
js:            'text/javascript',
json:          ['application/json', 'text/json'],
multipartForm: 'multipart/form-data',
rss:           'application/rss+xml',
text:          'text/plain',
hal:           ['application/hal+json','application/hal+xml'],
xml:           ['text/xml', 'application/xml']
]

grails.views.default.codec = "html"

grails.controllers.defaultScope = 'singleton'

grails {
views {
    gsp {
        encoding = 'UTF-8'
        htmlcodec = 'xml' // use xml escaping instead of HTML4 escaping
        codecs {
            expression = 'html' // escapes values inside ${}
            scriptlet = 'html' // escapes output from scriptlets in GSPs
            taglib = 'none' // escapes output from taglibs
            staticparts = 'none' // escapes output from static template parts
        }
    }
    // escapes all not-encoded output at final stage of outputting
    // filteringCodecForContentType.'text/html' = 'html'
}
}


grails.converters.encoding = "UTF-8"
grails.scaffolding.templates.domainSuffix = 'Instance'

grails.json.legacy.builder = false
grails.enable.native2ascii = true
grails.spring.bean.packages = []
grails.web.disable.multipart=false

grails.exceptionresolver.params.exclude = ['password']

grails.hibernate.cache.queries = false

grails.hibernate.osiv.readonly = false

environments {
development {
    grails.logging.jul.usebridge = true
}
production {
    grails.logging.jul.usebridge = false
    // TODO: grails.serverURL = "http://www.changeme.com"
}
}

log4j.main = {
// Example of changing the log pattern for the default console appender:
//
//appenders {
//    console name:'stdout', layout:pattern(conversionPattern: '%c{2} %m%n')
//}

error  'org.codehaus.groovy.grails.web.servlet',        // controllers
       'org.codehaus.groovy.grails.web.pages',          // GSP
       'org.codehaus.groovy.grails.web.sitemesh',       // layouts
       'org.codehaus.groovy.grails.web.mapping.filter', // URL mapping
       'org.codehaus.groovy.grails.web.mapping',        // URL mapping
       'org.codehaus.groovy.grails.commons',            // core / classloading
       'org.codehaus.groovy.grails.plugins',            // plugins
       'org.codehaus.groovy.grails.orm.hibernate',      // hibernate integration
       'org.springframework',
       'org.hibernate',
       'net.sf.ehcache.hibernate'
}


// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'tobu.Actor'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'tobu.ActorRole'
grails.plugin.springsecurity.authority.className = 'tobu.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/':                              ['permitAll'],
'/dbconsole':                     ['permitAll'],
'/index':                         ['permitAll'],
'/index.gsp':                     ['permitAll'],
'/assets/**':                     ['permitAll'],
'/**/js/**':                      ['permitAll'],
'/**/css/**':                     ['permitAll'],
'/**/images/**':                  ['permitAll'],
'/**/favicon.ico':                ['permitAll']
 ]

Answer 1

我必须对配置文件中的静态规则进行以下更改。

'/dbconsole/**':                  ['ROLE_USER'],