如何为Grails 3.x配置Spring Security Rest Plugin(当前我正在使用Grails 3.1.0 RC2)。
插件页面上说“向您的:spring-security-rest:${version}
添加编译BuildConfig.groovy
”,但是BuildConfig.groovy
已从Grails 3.x中删除。
编辑:插件页面上的文档已更新
最佳答案
所以我得到了这个工作。首先,位于[here] [1]的文档是最新的。您需要将以下内容添加到build.gradle
build.gradle
dependencies {
//Other dependencies
compile "org.grails.plugins:spring-security-rest:2.0.0.M2"
}
接下来,您需要运行Spring Security快速入门
grails s2-quickstart com.yourapp Person Role
最后,您需要配置过滤器链,但将以下内容添加到
application.groovy
中。application.groovy
grails.plugin.springsecurity.filterChain.chainMap = [
//Stateless chain
[
pattern: '/api/**',
filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
],
//Traditional chain
[
pattern: '/**',
filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
]
]
替代方法:
我决定将配置移动到
application.yml
,因此我没有使用两种不同的配置语法。替代配置1:
使用
application.yml
和标准默认设置grails:
# other config values
plugin.springsecurity:
userLookup.userDomainClassName: 'com.company.product.Person'
userLookup.authorityJoinClassName: 'com.company.product.PersonRole'
authority.className: 'com.company.product.Role'
controllerAnnotations.staticRules:
- {pattern: '/', access: ['permitAll']}
- {pattern: '/error', access: ['permitAll']}
- {pattern: '/index', access: ['permitAll']}
- {pattern: '/index.gsp', access: ['permitAll']}
- {pattern: '/shutdown', access: ['permitAll']}
- {pattern: '/assets/**', access: ['permitAll']}
- {pattern: '/**/js/**', access: ['permitAll']}
- {pattern: '/**/css/**', access: ['permitAll']}
- {pattern: '/**/images/**', access: ['permitAll']}
- {pattern: '/**/favicon.ico', access: ['permitAll']}
filterChain.chainMap:
- {pattern: '/assets/**', filters: 'none'}
- {pattern: '/**/js/**', filters: 'none'}
- {pattern: '/**/css/**', filters: 'none'}
- {pattern: '/**/images/**', filters: 'none'}
- {pattern: '/**/favicon.ico', filters: 'none'}
#Stateless chain
- {pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'}
#Traditional chain
- {pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'}
我也(这是完全可选的)
所以我结束了这个
替代配置2:
仅使用具有API的
application.yml
(无GSP)和GORM token 存储并使用X-Auth-Tokens(而不是Bearer Tokens)grails:
# other config values
plugin.springsecurity:
userLookup.userDomainClassName: 'com.company.product.Person'
userLookup.authorityJoinClassName: 'com.company.product.PersonRole'
authority.className: 'com.company.product.Role'
filterChain.chainMap:
#Stateless chain
- {pattern: '/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'}
rest.token:
storage.gorm.tokenDomainClassName: 'com.company.product.AuthenticationToken'
validation:
useBearerToken: false
headerName: 'X-Auth-Token'
关于grails - 如何为Grails 3.x配置Spring Security Rest,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35062081/