Grails 之 Acegi Plugin 转移到Spring Security Core Plugin
2012-09-01 11:02
106 查看
现在Acegi Plugin插件已经停止开发了,已经转移到了Spring Security Core Plugin了。它们虽然师出同门,还是有很多地方需要调整的。
以下是官方文档,新入手看了这些还是有点蒙的,具体在文章后面进行解说。
If you formerly used the Acegi plugin, change your application configuration settings as follows.
The table shows names of corresponding configuration properties.
The plugin's configuration values all start with
all property overrides with the
in
问题一、
Acegi Plugin插件是在rails-app/conf/ SecurityConfig.groovy里面的,而Spring Security是在grails-app/conf/Config.groovy的,这点不复杂,官方文档也有说道。
问题二、
很多命名已经更改了,这个上文也有提到,如果没什么印象,可在看看上面的官方文档。
问题三、
这个问题比较关键Acegi Plugin插件默认的密码编码是与Spring Security默认编码是不一样的,所以需要在Config.groovy里面指定编码,如果以前使用的是MD5则需要重新配置为MD5,如下:
读取配置文件
Spring Security CorePlugin读取配置文件的方式为 SpringSecurityUtils.securityConfig
页面读取登录信息
采用了sec标签,如<sec:ifLoggedIn>,更多标签可见:http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/6%20Helper%20Classes.html#6.1%20SecurityTagLib
工具类与service类,目前能够用到的主要是这两个类里面的方法
org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
grails.plugins.springsecurity.SpringSecurityService
以下是官方文档,新入手看了这些还是有点蒙的,具体在文章后面进行解说。
3 Migrating from the Acegi Plugin
If you formerly used the Acegi plugin, change your application configuration settings as follows.Setting | Spring Security Plugin | Acegi Plugin |
---|---|---|
Enabled by default | true | false |
Cache UserDetails by default | false | true |
Configuration location | grails-app/conf/ Config.groovy | grails-app/conf/ SecurityConfig.groovy |
Security service | springSecurityService | authenticateService |
The plugin's configuration values all start with
grails.plugins.springsecurityto distinguish them from similarly named options in Grails and from other plugins. You must specify
all property overrides with the
grails.plugins.springsecuritysuffix. For example, you specify the attribute
password.algorithmas:
grails.plugins.springsecurity.password.algorithm='SHA-512'
in
Config.groovy
Acegi Plugin | Spring Security Plugin |
---|---|
active | active |
loginUserDomainClass | userLookup.userDomainClassName |
userName | userLookup.usernamePropertyName |
enabled | userLookup.enabledPropertyName |
password | userLookup.passwordPropertyName |
relationalAuthorities | userLookup.authoritiesPropertyName |
getAuthoritiesMethod | N/A |
authorityDomainClass | authority.className |
authorityField | authority.nameField |
authenticationFailureUrl | failureHandler.defaultFailureUrl |
ajaxAuthenticationFailureUrl | failureHandler.ajaxAuthFailUrl |
defaultTargetUrl | successHandler.defaultTargetUrl |
alwaysUseDefaultTargetUrl | successHandler.alwaysUseDefault |
filterProcessesUrl | apf.filterProcessesUrl |
key | anon.key |
userAttribute | anon.userAttribute |
loginFormUrl | auth.loginFormUrl |
forceHttps | auth.forceHttps |
ajaxLoginFormUrl | auth.ajaxLoginFormUrl |
afterLogoutUrl | logout.afterLogoutUrl |
errorPage | adh.errorPage |
ajaxErrorPage | adh.ajaxErrorPage |
ajaxHeader | ajaxHeader |
algorithm | password.algorithm |
encodeHashAsBase64 | password.encodeHashAsBase64 |
cookieName | rememberMe.cookieName |
alwaysRemember | rememberMe.alwaysRemember |
tokenValiditySeconds | rememberMe.tokenValiditySeconds |
parameter | rememberMe.parameter |
rememberMeKey | rememberMe.key |
useLogger | registerLoggerListener |
useRequestMapDomainClass | securityConfigType = "Requestmap" |
requestMapClass | requestMap.className |
requestMapPathField | requestMap.urlField |
requestMapConfigAttributeField | requestMap.configAttributeField |
useControllerAnnotations | securityConfigType = "Annotation" |
controllerAnnotationsMatcher | controllerAnnotations.matcher |
controllerAnnotationsMatchesLowercase | controllerAnnotations.lowercase |
controllerAnnotationStaticRules | controllerAnnotations.staticRules |
controllerAnnotationsRejectIfNoRule | rejectIfNoRule |
requestMapString | N/A - securityConfigType = "InterceptUrlMap" is very similar |
realmName | basic.realmName |
basicProcessingFilter | useBasicAuth |
switchUserProcessingFilter | useSwitchUserFilter |
swswitchUserUrl | switchUser.switchUserUrl |
swexitUserUrl | switchUser.exitUserUrl |
swtargetUrl | switchUser.targetUrl |
useMail | N/A - registration is supported in the UI plugin |
mailHost | N/A - registration is supported in the UI plugin |
mailUsername | N/A - registration is supported in the UI plugin |
mailPassword | N/A - registration is supported in the UI plugin |
mailProtocol | N/A - registration is supported in the UI plugin |
mailFrom | N/A - registration is supported in the UI plugin |
mailPort | N/A - registration is supported in the UI plugin |
defaultRole | N/A - registration is supported in the UI plugin |
useOpenId | N/A - supported in the OpenID plugin |
openIdNonceMaxSeconds | N/A - supported in the OpenID plugin |
useLdap | N/A - supported in the LDAP plugin |
ldapRetrieveGroupRoles | N/A - supported in the LDAP plugin |
ldapRetrieveDatabaseRoles | N/A - supported in the LDAP plugin |
ldapSearchSubtree | N/A - supported in the LDAP plugin |
ldapGroupRoleAttribute | N/A - supported in the LDAP plugin |
ldapPasswordAttributeName | N/A - supported in the LDAP plugin |
ldapServer | N/A - supported in the LDAP plugin |
ldapManagerDn | N/A - supported in the LDAP plugin |
ldapManagerPassword | N/A - supported in the LDAP plugin |
ldapSearchBase | N/A - supported in the LDAP plugin |
ldapSearchFilter | N/A - supported in the LDAP plugin |
ldapGroupSearchBase | N/A - supported in the LDAP plugin |
ldapGroupSearchFilter | N/A - supported in the LDAP plugin |
ldapUsePassword | N/A - supported in the LDAP plugin |
useKerberos | N/A - will be supported in a secondary plugin |
kerberosLoginConfigFile | N/A - will be supported in a secondary plugin |
kerberosRealm | N/A - will be supported in a secondary plugin |
kerberosKdc | N/A - will be supported in a secondary plugin |
kerberosRetrieveDatabaseRoles | N/A - will be supported in a secondary plugin |
useHttpSessionEventPublisher | useHttpSessionEventPublisher |
cacheUsers | cacheUsers |
useCAS | N/A - supported in the CAS plugin |
cas.casServer | N/A - supported in the CAS plugin |
cas.casServerPort | N/A - supported in the CAS plugin |
cas.casServerSecure | N/A - supported in the CAS plugin |
cas.localhostSecure | N/A - supported in the CAS plugin |
cas.failureURL | N/A - supported in the CAS plugin |
cas.defaultTargetURL | N/A - supported in the CAS plugin |
cas.fullLoginURL | N/A - supported in the CAS plugin |
cas.fullServiceURL | N/A - supported in the CAS plugin |
cas.authenticationProviderKey | N/A - supported in the CAS plugin |
cas.userDetailsService | N/A - supported in the CAS plugin |
cas.sendRenew | N/A - supported in the CAS plugin |
cas.proxyReceptorUrl | N/A - supported in the CAS plugin |
cas.filterProcessesUrl | N/A - supported in the CAS plugin |
useNtlm | N/A - will be supported in a secondary plugin |
ntlm.stripDomain | N/A - will be supported in a secondary plugin |
ntlm.retryOnAuthFailure | N/A - will be supported in a secondary plugin |
ntlm.forceIdentification | N/A - will be supported in a secondary plugin |
ntlm.defaultDomain | N/A - will be supported in a secondary plugin |
ntlm.netbiosWINS | N/A - will be supported in a secondary plugin |
httpPort | portMapper.httpPort |
httpsPort | portMapper.httpsPort |
secureChannelDefinitionSource | N/A, use secureChannel.definition |
channelConfig | secureChannel.definition |
ipRestrictions | ipRestrictions |
useFacebook | N/A - will be supported in the Facebook plugin |
facebook.filterProcessesUrl | N/A - will be supported in the Facebook plugin |
facebook.authenticationUrlRoot | N/A - will be supported in the Facebook plugin |
facebook.apiKey | N/A - will be supported in the Facebook plugin |
facebook.secretKey | N/A - will be supported in the Facebook plugin |
Acegi Plugin插件是在rails-app/conf/ SecurityConfig.groovy里面的,而Spring Security是在grails-app/conf/Config.groovy的,这点不复杂,官方文档也有说道。
问题二、
很多命名已经更改了,这个上文也有提到,如果没什么印象,可在看看上面的官方文档。
问题三、
这个问题比较关键Acegi Plugin插件默认的密码编码是与Spring Security默认编码是不一样的,所以需要在Config.groovy里面指定编码,如果以前使用的是MD5则需要重新配置为MD5,如下:
grails { plugins { springsecurity { ... password.algorithm = "MD5" ... } } }
读取配置文件
Spring Security CorePlugin读取配置文件的方式为 SpringSecurityUtils.securityConfig
页面读取登录信息
采用了sec标签,如<sec:ifLoggedIn>,更多标签可见:http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/6%20Helper%20Classes.html#6.1%20SecurityTagLib
工具类与service类,目前能够用到的主要是这两个类里面的方法
org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
grails.plugins.springsecurity.SpringSecurityService
相关文章推荐
- grails 之 Spring Security Core Plugin 使用
- Spring Security Core Plugin - 5. 配置到安全URL的请求映射
- grails之spring-security-core自定义加密方式
- Spring-Security-core插件使用教程
- 导入所需要的jar包: xwork-core-2.2.1.jarxwork-core-2.2.1.jar struts2-spring-plugin-2.2.1.jarstruts2-spring-plugin-2.2.1.jar struts2-cor
- grails+spring Security项目demo
- Hacking Custom Authentication Providers with Grails Spring Security
- Spring-Security-core插件使用教程
- Grails, spring-security-core plugin:使用email登录
- Spring boot security
- Spring-Security权限管理框架(1)——根据角色权限登录
- Spring Security Web应用入门环境搭建
- spring-security 配置及解析
- nested exception is java.lang.IncompatibleClassChangeError: class org.springframework.core.type.clas
- 传智播客-- 教育办公系统集成 spring-security 框架实现权限模块
- Spring3 学习笔记之(spring core 之IoC配置使用)
- Spring-Security 自定义Filter完成验证码校验
- Spring Cloud Security
- spring-security-oauth2的mysql数据表
- spring-core组件详解――PropertyResolver属性解决器