grails - spring-security-shiro org.apache.shiro.authc.AccountException:未登录或匿名

Question

我正在将我的应用程序从grails 2.4.4迁移到grails 3.2.9。

我正在尝试迁移到

compile 'org.grails.plugins:spring-security-shiro:3.0.1' 

当我尝试与用户登录时，出现以下错误:

   org.apache.shiro.authc.AccountException: Not logged in or anonymous
            at grails.plugin.springsecurity.shiro.SpringSecurityRealm.getCurrentUser(SpringSecurityRealm.groovy:76)
            at grails.plugin.springsecurity.shiro.SpringSecurityRealm.doGetAuthenticationInfo(SpringSecurityRealm.groovy:95)
            at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
            at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
            at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
            at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
            at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
            at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
            at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
            at org.apache.shiro.subject.Subject$login.call(Unknown Source)

在我的申请规则中，我有:

[pattern: '/login/auth/**',      access: ['permitAll']],

在grails 2.4.4中，我将能够调试dbRealm.groovy文件，但是我不能使用新插件来调试。

我知道用户未登录，因为这是我要尝试的操作，但是为什么它会认为我的用户是匿名用户？

Answer 1

基于https://grails-plugins.github.io/grails-spring-security-shiro/v3/index.html#permissions

This will transitively install the Spring Security Core plugin, so you’ll need to configure that by running the s2-quickstart script.

所以看着 https://grails-plugins.github.io/grails-spring-security-core/
和 https://grails-plugins.github.io/grails-spring-security-core/3.1.x/index.html(因为您使用的是Grails 3.2.x)

3.5. Anonymous authentication

In standard Spring Security and older versions of the plugin, there is support for an “anonymous” authentication. This is implemented by a filter that registers a simple Authentication in the SecurityContext to remove the need for null checks, since there will always be an Authentication available. This approach is still problematic though because the Principal of the anonymous authentication is a String, whereas it is a UserDetails instance when there is a non-anonymous authentication.

Since you still have to be careful to differentiate between anonymous and non-anonymous authentications, the plugin now creates an anonymous Authentication which will be an instance of grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken with a standard org.springframework.security.core.userdetails.User instance as its Principal. The authentication will have a single granted role, ROLE_ANONYMOUS.

和

5.2. URLs and Authorities

In each approach you configure a mapping for a URL pattern to the role(s) that are required to access those URLs, for example, /admin/user/** requires ROLE_ADMIN. In addition, you can combine the role(s) with SpEL expressions and/or tokens such as IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED, and IS_AUTHENTICATED_FULLY. One or more voters (Voters) will process any tokens and enforce a rule based on them:

IS_AUTHENTICATED_ANONYMOUSLY

    signifies that anyone can access this URL. By default the AnonymousAuthenticationFilter ensures an “anonymous” Authentication

with no roles so that every user has an authentication. The token accepts any authentication, even anonymous.

    The SpEL expression permitAll is equivalent to IS_AUTHENTICATED_ANONYMOUSLY and is typically more intuitive to use