stackoom
  简体   繁体   中英

grails spring security rest plugin how to skip url from authentication

 原文  2014-07-16 11:31:29       spring/ rest/ grails

Question

I am using spring security rest plugin as well as core in my grails app,i want to have some calls those can be accessed without authentication and for this i am adding @Secured('permitAll') on action but it is not working,it is still asking for token. I have also tried '/api/getdata': ['permitAll'] in config.groovy,but no result!!!

2 answers

solution1
 0  2014-07-16 13:15:38

use static mapping.. 

    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/':                              ['permitAll'],
        '/user/someaction1':             ['permitAll'],
        '/user/someaction1':                 ['permitAll'],
]

solution2
 0  2017-01-03 21:53:01

You need to add the anonymous filter to your filter chain. If you followed the grails spring security rest configuration tutorial you probably got the following code: 

grails.plugin.springsecurity.filterChain.chainMap = [
    //Stateless chain
    [
        pattern: '/**',
        filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ]
]

Note that you have "-anonymousAuthenticationFilter" , which removes this filter from your filter chain. By removing this part (-anonymousAuthenticationFilter) from your code, this filter will back to your filter chain, so you can use the @Secured("permitAll") or @Secured(['IS_AUTHENTICATED_ANONYMOUSLY']) again.

My final filter chain map was the following and worked like a charm. 

grails.plugin.springsecurity.filterChain.chainMap = [
    //Stateless chain
    [
        pattern: '/**',
        filters: 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ]
]

Add this to you logback.groovy in the development environment when you need to see more details about the authentication process 

logger("org.springframework.security", DEBUG, ['STDOUT'], false)
logger("grails.plugin.springsecurity", DEBUG, ['STDOUT'], false)
logger("org.pac4j", DEBUG, ['STDOUT'], false)

logger("StackTrace", ERROR, ['FULL_STACKTRACE'], false)
root(ERROR, ['STDOUT', 'FULL_STACKTRACE'])

The same idea applies if you do not use spring security rest. Same answer I gave in another post, didn't knew what to do.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Generate a token for authentication via URL grails spring security rest plugin grails spring security rest plugin Spring security grails plugin Grails 3 Spring Security Plugin Grails, upgrading from Acegi to Spring security plugin Grails + Spring Security Rest + How to login Supervisor Authentication to Allow an Action in Grails with Spring Security Plugin insufficient_scope error using Grails spring security rest plugin 404 when do logout in Spring Security Rest Plugin for Grails Grails Spring Security Plugin - Custom Login and Logout URL, Controller, and GSP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM