我正在尝试使用access_token授权来做一个简单的Grails RESTFUL API。
我正在按照教程中的示例进行操作,但是在这种情况下,我无法继续,因为我的localhost:8080 / api / login url(我应该用来获取access_token的URL)不起作用。
我首先创建了我的grails 3 API,如下所示:
grails create-app --profile rest-api --features hibernate5,json-views,security
这些是我的安全域类:
我没有碰过它们,它们是由Spring Security s2-quickstart coopoliova.backend.security用户角色命令创建的。
这是我的应用程序。
grails.plugin.springsecurity.filterChain.chainMap = [
//Stateless chain
[
pattern: '/**',
filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
],
//Traditional, stateful chain
[
pattern: '/stateful/**',
filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
]
]
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'coopoliva.backend.security.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'coopoliva.backend.security.UserRole'
grails.plugin.springsecurity.authority.className = 'coopoliva.backend.security.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/index', access: ['permitAll']],
[pattern: '/index.gsp', access: ['permitAll']],
[pattern: '/shutdown', access: ['permitAll']],
[pattern: '/assets/**', access: ['permitAll']],
[pattern: '/**/js/**', access: ['permitAll']],
[pattern: '/**/css/**', access: ['permitAll']],
[pattern: '/**/images/**', access: ['permitAll']],
[pattern: '/**/favicon.ico', access: ['permitAll']],
[pattern: '/api/rest', access: ['permitAll']]
]
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/**', filters: 'JOINED_FILTERS']
]
因此,我在 bootstrap 上创建了几个用户,如下所示:
def init = { servletContext ->
def adminUser = new User(username: "adminuser",
password: "1234", enabled: true);
adminUser.save(flush:true)
def userUser = new User(username: "useruser",
password: "1234", enabled: true);
userUser.save(flush:true)
def userRole = Role.findByAuthority("ROLE_USER") ?: new Role("ROLE_USER")
def adminRole = Role.findByAuthority("ROLE_ADMIN") ?: new Role("ROLE_ADMIN")
userRole.save(flush:true)
adminRole.save(flush:true)
UserRole.create(adminUser, adminRole)
UserRole.create(userUser, userRole)
}
因此,从理论上讲;如果我发送带有凭证用户名:“useruser”,密码:“1234”的POST请求,则该请求应该有效。
但是,这发生了:
401未经授权!
那么...为什么会这样呢?我只需要access_token,这样我就可以将其传递给所有其他请求。
提前致谢!
最佳答案
您需要允许访问您的登录网址
[pattern: 'api/login/**', access: ['permitAll']]
另外,您具有grails.plugin.springsecurity.filterChain.chainMap的重复配置
关于spring - 我的api/登录帖子在Spring安全的Grails 3上遭到未授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45000338/