Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/security/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring 圣杯&x2B;春季安全休息+;如何登录_Spring_Security_Rest_Grails - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring 圣杯&x2B;春季安全休息+;如何登录

Spring 圣杯&x2B;春季安全休息+;如何登录

spring security rest grails

Spring 圣杯&x2B;春季安全休息+;如何登录,spring,security,rest,grails,Spring,Security,Rest,Grails,我使用grails创建了一个示例rest应用程序,并使用SpringSecurityREST插件添加了一个安全性。我正在尝试使用rest客户端POSTMAN进行测试,但当我在原始数据中发送用户名和密码为json的post请求时,得到404到“$MYAPP/api/login”,401到“$MYAPP/api/login/”。 我关注了所有的博客和博客,但没有一个对我有用。这是我的密码。 在Config.groovy中 // Added by the Spring Security Core pl

我使用grails创建了一个示例rest应用程序,并使用SpringSecurityREST插件添加了一个安全性。我正在尝试使用rest客户端POSTMAN进行测试,但当我在原始数据中发送用户名和密码为json的post请求时,得到404到“$MYAPP/api/login”,401到“$MYAPP/api/login/”。 我关注了所有的博客和博客,但没有一个对我有用。这是我的密码。 在Config.groovy中

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.example.api.auth.APIUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.example.api.auth.APIUserRole'
grails.plugin.springsecurity.authority.className = 'com.example.api.auth.Role'
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.interceptUrlMap = [
        '/':                    ['permitAll'],
        '/index':               ['permitAll'],
        '/index.gsp':           ['permitAll'],
        '/assets/**':           ['permitAll'],
        '/partials/**':         ['permitAll'],
        '/api/**':              ['permitAll'],
        '/**':                  ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
        '/api*//**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',  // Stateless chain
        '*//**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                          // Traditional chain
]

grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rememberMe.persistent = false
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName =  'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName =  'password'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.example.api.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'token'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.token.storage.gorm.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false

// security
        compile ":spring-security-core:2.0-RC4"
        compile ":spring-security-rest:1.4.0.RC5", {
            excludes ('cors','spring-security-core')
        }
在BuildConfig.groovy中

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.example.api.auth.APIUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.example.api.auth.APIUserRole'
grails.plugin.springsecurity.authority.className = 'com.example.api.auth.Role'
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.interceptUrlMap = [
        '/':                    ['permitAll'],
        '/index':               ['permitAll'],
        '/index.gsp':           ['permitAll'],
        '/assets/**':           ['permitAll'],
        '/partials/**':         ['permitAll'],
        '/api/**':              ['permitAll'],
        '/**':                  ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
        '/api*//**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',  // Stateless chain
        '*//**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                          // Traditional chain
]

grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rememberMe.persistent = false
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName =  'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName =  'password'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.example.api.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'token'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.token.storage.gorm.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false

// security
        compile ":spring-security-core:2.0-RC4"
        compile ":spring-security-rest:1.4.0.RC5", {
            excludes ('cors','spring-security-core')
        }
如果我的配置或使用POSTMAN的测试方法有问题,请提供反馈。

这是我最后的config.groovy代码

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'example.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'example.UserRole'
grails.plugin.springsecurity.authority.className = 'example.Role'
grails.plugin.springsecurity.interceptUrlMap = [
    '/':                    ['permitAll'],
    '/index':               ['permitAll'],
    '/index.gsp':           ['permitAll'],
    '/assets/**':           ['permitAll'],
    '/partials/**':         ['permitAll'],
    '/api/**':              ['isFullyAuthenticated()'],
    '/**':                  ['isFullyAuthenticated()']
]
grails.plugin.springsecurity.filterChain.chainMap = [
    '/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter, -rememberMeAuthenticationFilter', // Stateless chain
    '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter', // Stateless chain
    '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'   // Traditional chain
]
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl='/auth/login'
grails.plugin.springsecurity.rest.login.failureStatusCode=401
grails.plugin.springsecurity.rest.login.useJsonCredentials=true
grails.plugin.springsecurity.rest.login.usernamePropertyName='username'
grails.plugin.springsecurity.rest.login.passwordPropertyName='password'
grails.plugin.springsecurity.rest.logout.endpointUrl='/auth/logout'
grails.plugin.springsecurity.rest.token.storage.useGorm=true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName='example.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName='tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName='username'
grails.plugin.springsecurity.rest.token.generation.useSecureRandom=true
//grails.plugin.springsecurity.rest.token.validation.headerName='X-Auth-Token'
grails.plugin.springsecurity.rest.token.generation.useUUID=false
grails.plugin.springsecurity.rest.token.validation.active=true
grails.plugin.springsecurity.rest.token.validation.endpointUrl='/auth/validate'
不确定“当我发送原始数据中用户名和密码为json的post请求时”是什么意思。必须将JSON结构作为HTTP POST的主体传递,否则它将无法工作。例如,在Chrome开发工具中,当我登录并单击网络,然后查看请求负载时,它看起来是这样的:{“用户名”:“myusername”,“密码”:“mypassword”}而且我不确定为什么您的interceptUrlMap中有“/api/**”-您是否试图要求使用REST安全插件对api进行身份验证?这意味着它的开放性很强。谢谢你的来信。是的,我发送的授权POST请求与正文中的{“用户名”:“我的用户名”,“密码”:“我的密码”}相同。我还将interceptUrlMap中的“/api/**”更改为isFullyAuthenticated()。我发现问题是因为从spring security rest中排除了cors插件。我将发布我的最终代码供其他人参考,这些代码运行良好。我们是否需要在url映射文件中进行任何更改?只需为您的api指定url映射。这是我的
“/api/correlations”(版本:'1.0',资源:'correlations',命名空间:'v1')”/api/users(版本:'1.0',资源:'User',命名空间:'v1',排除:['delete','update'])