My api/login POST is unauthorized on Grails 3 using Spring Security


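I'm trying to implement a simple Grails RESTful API using access_token authorization.

I followed an example from a tutorial, but I can't continue because my localhost:8080/api/login URL (the one I should use to get the access_token) doesn't work.

I first created the Grails 3 API as follows: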

grails create-app --profile rest-api --features hibernate5,json-views,security

Here are my security domain classes:

I didn't touch them; they were created by the Spring Security s2-quickstart coopoliva.backend.security User Role command.

This is my application configuration:

grails.plugin.springsecurity.filterChain.chainMap = [
        //Stateless chain
        [
                pattern: '/**',
                filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
        ],

        //Traditional, stateful chain
        [
                pattern: '/stateful/**',
                filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
        ]
]


// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName =       'coopoliva.backend.security.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName =    'coopoliva.backend.security.UserRole'
grails.plugin.springsecurity.authority.className =                  'coopoliva.backend.security.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/api/rest', access: ['permitAll']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],
    [pattern: '/**',             filters: 'JOINED_FILTERS']
]

So I created a couple of users in BootStrap, as follows:

def init = { servletContext ->

    def adminUser = new User(username: "adminuser",
            password: "1234", enabled: true);
    adminUser.save(flush:true)

    def userUser = new User(username: "useruser",
            password: "1234", enabled: true);
    userUser.save(flush:true)

    def userRole = Role.findByAuthority("ROLE_USER") ?: new Role("ROLE_USER")
    def adminRole = Role.findByAuthority("ROLE_ADMIN") ?: new Role("ROLE_ADMIN")

    userRole.save(flush:true)
    adminRole.save(flush:true)

    UserRole.create(adminUser, adminRole)
    UserRole.create(userUser, userRole)


}
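
So, in theory, if I send a POST request with the credentials username: "useruser", password: "1234", it should work.

However, this happens:

401 Unauthorized

So... why does this happen? I just need the access token so that I can pass it along with all my other requests.

Thanks in advance.

You need to allow access to your login URL: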

[pattern: '/api/login/**', access: ['permitAll']]

Also, the configuration for grails.plugin.springsecurity.filterChain.chainMap is duplicated.

Found the problem.

These passwords:

    def adminUser = new User(username: "adminuser",
            password: "1234", enabled: true);
    adminUser.save(flush:true)

    def userUser = new User(username: "useruser",
            password: "1234", enabled: true);
    userUser.save(flush:true)

are not passwords encrypted by the spring security service, so they will be incorrect at login.

This is the correct way to add the users:

    def adminUser = new User(username: "adminuser",
            password: springSecurityService.encodePassword("1234"), enabled: true);
    adminUser.save(flush:true)

    def userUser = new User(username: "useruser",
            password: springSecurityService.encodePassword("1234"), enabled: true);
    userUser.save(flush:true)

Thanks everyone for the help.
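An added example (not code from the question or the answers) for the duplicated chainMap point above: a standalone Groovy script showing that a second assignment to the same key replaces the first, and that within one list the first matching pattern wins. The helper names and the simplified pattern matcher are assumptions made for illustration, and the filter lists are shortened.

```groovy
import java.util.regex.Pattern

// Constructed sample: the two chainMap assignments from the question's
// configuration, with the long filter lists shortened.
String source = '''
grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/**',          filters: 'JOINED_FILTERS,-exceptionTranslationFilter'],
    [pattern: '/stateful/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter']
]
grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/assets/**', filters: 'none'],
    [pattern: '/**',        filters: 'JOINED_FILTERS']
]
'''

// Hypothetical helper: how many times the key is assigned in the raw text.
int countAssignments(String src, String key) {
    src.findAll('(?m)^\\s*' + Pattern.quote(key) + '\\s*=').size()
}

// Simplified stand-in for Ant-style matching (an assumption, not the plugin's
// matcher): '/**' spans any number of segments, '*' stays inside one segment.
boolean antMatches(String pattern, String path) {
    String regex = pattern.split('/\\*\\*', -1).collect { String part ->
        part.split('\\*', -1).collect { Pattern.quote(it) }.join('[^/]*')
    }.join('(/.*)?')
    path ==~ regex
}

// The first chain whose pattern matches the request path is the one applied.
String effectiveFilters(List<Map> chains, String path) {
    chains.find { antMatches(it.pattern as String, path) }?.filters
}

String key = 'grails.plugin.springsecurity.filterChain.chainMap'
List<Map> chains = new ConfigSlurper().parse(source).grails.plugin.springsecurity.filterChain.chainMap

// The key is assigned twice, but only the second list survives parsing.
assert countAssignments(source, key) == 2
assert chains*.pattern == ['/assets/**', '/**']
assert effectiveFilters(chains, '/api/login') == 'JOINED_FILTERS'

// Order matters as well: with '/**' listed first, '/stateful/**' is never reached.
List<Map> first = [[pattern: '/**', filters: 'stateless'], [pattern: '/stateful/**', filters: 'stateful']]
assert effectiveFilters(first, '/stateful/x') == 'stateless'
println "chainMap in effect: ${chains}"
```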

I think @sudhir's is the correct answer. You can check this repo from Alvaro Sanchez, which uses spring security rest.

I tried both approaches, but it's the same... I added [pattern: '/api/**', access: ['permitAll']] to staticRules and [pattern: '/api/**', filters: 'JOINED_FILTERS'] to chainMap, without success.