Spring 圣杯&x2B;春季安全休息+;如何登录
我使用grails创建了一个示例rest应用程序,并使用SpringSecurityREST插件添加了一个安全性。我正在尝试使用rest客户端POSTMAN进行测试,但当我在原始数据中发送用户名和密码为json的post请求时,得到404到“$MYAPP/api/login”,401到“$MYAPP/api/login/”。 我关注了所有的博客和博客,但没有一个对我有用。这是我的密码。 在Config.groovy中Spring 圣杯&x2B;春季安全休息+;如何登录,spring,security,rest,grails,Spring,Security,Rest,Grails,我使用grails创建了一个示例rest应用程序,并使用SpringSecurityREST插件添加了一个安全性。我正在尝试使用rest客户端POSTMAN进行测试,但当我在原始数据中发送用户名和密码为json的post请求时,得到404到“$MYAPP/api/login”,401到“$MYAPP/api/login/”。 我关注了所有的博客和博客,但没有一个对我有用。这是我的密码。 在Config.groovy中 // Added by the Spring Security Core pl
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.example.api.auth.APIUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.example.api.auth.APIUserRole'
grails.plugin.springsecurity.authority.className = 'com.example.api.auth.Role'
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/partials/**': ['permitAll'],
'/api/**': ['permitAll'],
'/**': ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/api*//**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter', // Stateless chain
'*//**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rememberMe.persistent = false
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.example.api.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'token'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.token.storage.gorm.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
// security
compile ":spring-security-core:2.0-RC4"
compile ":spring-security-rest:1.4.0.RC5", {
excludes ('cors','spring-security-core')
}
在BuildConfig.groovy中
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.example.api.auth.APIUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.example.api.auth.APIUserRole'
grails.plugin.springsecurity.authority.className = 'com.example.api.auth.Role'
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/partials/**': ['permitAll'],
'/api/**': ['permitAll'],
'/**': ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/api*//**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter', // Stateless chain
'*//**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rememberMe.persistent = false
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.example.api.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'token'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.token.storage.gorm.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
// security
compile ":spring-security-core:2.0-RC4"
compile ":spring-security-rest:1.4.0.RC5", {
excludes ('cors','spring-security-core')
}
如果我的配置或使用POSTMAN的测试方法有问题,请提供反馈。这是我最后的config.groovy代码
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'example.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'example.UserRole'
grails.plugin.springsecurity.authority.className = 'example.Role'
grails.plugin.springsecurity.interceptUrlMap = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/partials/**': ['permitAll'],
'/api/**': ['isFullyAuthenticated()'],
'/**': ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter, -rememberMeAuthenticationFilter', // Stateless chain
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl='/auth/login'
grails.plugin.springsecurity.rest.login.failureStatusCode=401
grails.plugin.springsecurity.rest.login.useJsonCredentials=true
grails.plugin.springsecurity.rest.login.usernamePropertyName='username'
grails.plugin.springsecurity.rest.login.passwordPropertyName='password'
grails.plugin.springsecurity.rest.logout.endpointUrl='/auth/logout'
grails.plugin.springsecurity.rest.token.storage.useGorm=true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName='example.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName='tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName='username'
grails.plugin.springsecurity.rest.token.generation.useSecureRandom=true
//grails.plugin.springsecurity.rest.token.validation.headerName='X-Auth-Token'
grails.plugin.springsecurity.rest.token.generation.useUUID=false
grails.plugin.springsecurity.rest.token.validation.active=true
grails.plugin.springsecurity.rest.token.validation.endpointUrl='/auth/validate'
不确定“当我发送原始数据中用户名和密码为json的post请求时”是什么意思。必须将JSON结构作为HTTP POST的主体传递,否则它将无法工作。例如,在Chrome开发工具中,当我登录并单击网络,然后查看请求负载时,它看起来是这样的:{“用户名”:“myusername”,“密码”:“mypassword”}而且我不确定为什么您的interceptUrlMap中有“/api/**”-您是否试图要求使用REST安全插件对api进行身份验证?这意味着它的开放性很强。谢谢你的来信。是的,我发送的授权POST请求与正文中的{“用户名”:“我的用户名”,“密码”:“我的密码”}相同。我还将interceptUrlMap中的“/api/**”更改为isFullyAuthenticated()。我发现问题是因为从spring security rest中排除了cors插件。我将发布我的最终代码供其他人参考,这些代码运行良好。我们是否需要在url映射文件中进行任何更改?只需为您的api指定url映射。这是我的
“/api/correlations”(版本:'1.0',资源:'correlations',命名空间:'v1')”/api/users(版本:'1.0',资源:'User',命名空间:'v1',排除:['delete','update'])