spring - Grails + Spring Security Rest +如何登录

标签 spring security rest grails

我已经使用grails创建了示例休息应用程序,并使用spring security rest插件添加了安全性。我正在尝试使用其余客户端POSTMAN进行测试,但是当我在原始数据中使用用户名和密码作为json发送发帖请求时,得到404到'$ MYAPP / api / login'和401'$ MYAPP / api / login /'到。
我关注了所有博客和stackoverflow,但没有一件对我有用。这是我的代码。
在Config.groovy中

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.example.api.auth.APIUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.example.api.auth.APIUserRole'
grails.plugin.springsecurity.authority.className = 'com.example.api.auth.Role'
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.interceptUrlMap = [
        '/':                    ['permitAll'],
        '/index':               ['permitAll'],
        '/index.gsp':           ['permitAll'],
        '/assets/**':           ['permitAll'],
        '/partials/**':         ['permitAll'],
        '/api/**':              ['permitAll'],
        '/**':                  ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
        '/api*//**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',  // Stateless chain
        '*//**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                          // Traditional chain
]

grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rememberMe.persistent = false
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName =  'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName =  'password'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.example.api.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'token'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.token.storage.gorm.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false

在BuildConfig.groovy中
// security
        compile ":spring-security-core:2.0-RC4"
        compile ":spring-security-rest:1.4.0.RC5", {
            excludes ('cors','spring-security-core')
        }

如果我的配置或使用POSTMAN的测试方式有问题,请提供反馈。

最佳答案

这是我最后可用的config.groovy代码。

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'example.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'example.UserRole'
grails.plugin.springsecurity.authority.className = 'example.Role'
grails.plugin.springsecurity.interceptUrlMap = [
    '/':                    ['permitAll'],
    '/index':               ['permitAll'],
    '/index.gsp':           ['permitAll'],
    '/assets/**':           ['permitAll'],
    '/partials/**':         ['permitAll'],
    '/api/**':              ['isFullyAuthenticated()'],
    '/**':                  ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
    '/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter, -rememberMeAuthenticationFilter', // Stateless chain
    '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter', // Stateless chain
    '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'   // Traditional chain
]
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl='/auth/login'
grails.plugin.springsecurity.rest.login.failureStatusCode=401
grails.plugin.springsecurity.rest.login.useJsonCredentials=true
grails.plugin.springsecurity.rest.login.usernamePropertyName='username'
grails.plugin.springsecurity.rest.login.passwordPropertyName='password'
grails.plugin.springsecurity.rest.logout.endpointUrl='/auth/logout'
grails.plugin.springsecurity.rest.token.storage.useGorm=true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName='example.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName='tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName='username'
grails.plugin.springsecurity.rest.token.generation.useSecureRandom=true
//grails.plugin.springsecurity.rest.token.validation.headerName='X-Auth-Token'
grails.plugin.springsecurity.rest.token.generation.useUUID=false
grails.plugin.springsecurity.rest.token.validation.active=true
grails.plugin.springsecurity.rest.token.validation.endpointUrl='/auth/validate'

关于spring - Grails + Spring Security Rest +如何登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28481656/

上一篇:iphone - 如何通过SSH从iPhone发送命令?有任何编码帮助或 sample 可用吗?

下一篇:perl - 为什么 ssh 在我将密码提供给 Perl 的 Net::SSH::Perl 后提示我输入密码?

相关文章:

spring - 使用 Spring MVC 框架设置 Intellij

python - 使用python生成促销代码

java - 安全性:在struts 1中实现针对CSRF攻击的解决方案

java - Spring4 Jersey2集成: Adding jersey-spring4 fails

java - Spring MVC 拦截器模式

java - Spring,依赖注入(inject)查询

asp.net - 保护 asp.net Web 应用程序的步骤 list ?

node.js - 如何在 keycloak 中调用 create user api 后获取 userId?

java - 如何查找实体类中没有属性

java - @运行时的值

©2024 IT工具网  联系我们