Grails3:SpringSecurityREST返回登录页面
我使用的是一个Grails3.1.9应用程序,无法通过传递承载令牌来访问我的安全方法。少了什么 问题: 登录请求(路径:): 登录响应:Grails3:SpringSecurityREST返回登录页面,grails,spring-security,bearer-token,grails3,Grails,Spring Security,Bearer Token,Grails3,我使用的是一个Grails3.1.9应用程序,无法通过传递承载令牌来访问我的安全方法。少了什么 问题: 登录请求(路径:): 登录响应: { "username": "adm", "roles": [ "ROLE_ADM" ], "token_type": "Bearer", "access_token": "enjUSkoPnOhTFg ...", "expires_in": 4600000, "refresh_token
{
"username": "adm",
"roles": [
"ROLE_ADM"
],
"token_type": "Bearer",
"access_token": "enjUSkoPnOhTFg ...",
"expires_in": 4600000,
"refresh_token": "eyhaFthjvTgf ..."
}
然后我将访问令牌发送到路径::
但服务器返回登录页面html内容。
OBS:Controller方法具有anotation@Secured('ROLE\u ADM')
,当我使用@Secured('permitAll')
配置:
我发现了问题。我必须从“/auth/**”路径中删除传统的spring安全过滤器 这就解决了问题:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter',
// add this line:
'/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]
{
"Authorization": "Bearer enjUSkoPnOhTFg ..."
}
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.test.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.test.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'com.test.domain.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter',
// add this line:
'/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]