403关于“a”的答复；刷新“U令牌”；Grails3应用程序中使用SpringSecurityREST的请求_Rest_Grails_Spring Security_Oauth

403关于“a”的答复；刷新“U令牌”；Grails3应用程序中使用SpringSecurityREST的请求

rest grails spring-security oauth

403关于“a”的答复；刷新“U令牌”；Grails3应用程序中使用SpringSecurityREST的请求,rest,grails,spring-security,oauth,Rest,Grails,Spring Security,Oauth,我在Grails3应用程序中使用SpringSecurityREST发出“刷新令牌”请求时遇到了一些问题。我有一个既有web前端又有一些Rest端点的应用程序，其他一切似乎都运行良好。当我通过curl发出登录请求时，web应用程序的行为与预期一致 curl -i -X POST localhost:8080/api/login \ -H "Content-Type: application/json" \ -d '{"username":"johndoe", "password":"johndo

我在Grails3应用程序中使用SpringSecurityREST发出“刷新令牌”请求时遇到了一些问题。我有一个既有web前端又有一些Rest端点的应用程序，其他一切似乎都运行良好。当我通过curl发出登录请求时，web应用程序的行为与预期一致

curl -i -X POST localhost:8080/api/login \
-H "Content-Type: application/json" \
-d '{"username":"johndoe", "password":"johndoepassword"}'

我得到了预期的响应（我截断了令牌）：

在实际的应用程序中，我可以将access_令牌添加到头中，并在会话期间无问题地进行身份验证。然而，当我用鼠标点击“刷新令牌”端点时，我得到了403

curl -i -X POST localhost:8080/oauth/access_token \
-H "Content-Type: application/x-www-form-urlencoded"  \
-d "grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiJ9.xxxx"

这一切在文档中看起来很简单，但我显然做错了什么。以下是我认为与配置文件相关的部分：

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/login',          access: ['permitAll']],
    [pattern: '/login/**',          access: ['permitAll']],
    [pattern: '/oauth/**',          access: ['permitAll']],
    [pattern: '/user/register',          access: ['permitAll']],
    [pattern: '/user/register/**',          access: ['permitAll']],
    [pattern: '/user/submitRegistration',          access: ['permitAll']],
    [pattern: '/logoff',          access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/surveyAdmin/**',  access: ['ROLE_ADMIN']] ,
    [pattern: '/**',               access: ['ROLE_USER']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],

    [
            pattern: '/api/**',
            filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ],

    [
            pattern: '/rest/**',
            filters: 'restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'
    ],
    [pattern: '/**',             filters: 'JOINED_FILTERS']
]

有人能建议一条穿过这里的路吗

谢谢，

Alex

正如经常发生的那样，我在发布问题后不久就找到了答案。我使用的自定义用户类实现org.springframework.security.core.userdetails.userdetails，但不扩展org.springframework.security.core.userdetails.user。该插件假定主体可以强制转换为“用户”对象，这导致用户查找/令牌生成失败。要么更改我的自定义类以扩展用户，要么重写插件中的refreshToken方法以接受我的自定义用户类，这一切都正常工作

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/login',          access: ['permitAll']],
    [pattern: '/login/**',          access: ['permitAll']],
    [pattern: '/oauth/**',          access: ['permitAll']],
    [pattern: '/user/register',          access: ['permitAll']],
    [pattern: '/user/register/**',          access: ['permitAll']],
    [pattern: '/user/submitRegistration',          access: ['permitAll']],
    [pattern: '/logoff',          access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/surveyAdmin/**',  access: ['ROLE_ADMIN']] ,
    [pattern: '/**',               access: ['ROLE_USER']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],

    [
            pattern: '/api/**',
            filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ],

    [
            pattern: '/rest/**',
            filters: 'restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'
    ],
    [pattern: '/**',             filters: 'JOINED_FILTERS']
]