
Static security mapping using spring-security-core on grails 2.4.3

Using spring-security-core (2.0-RC4) I am having problems with static security mapping.

'/app/client/**':                  ['IS_AUTHENTICATED_FULLY'],  
'/app/items/**':                   ['permitAll'],

and this configuration (or even switching the true/false values)

grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false

When I try to access

/app/items/Books

I get 403/500 (depending on configuration parameters). The only way I can access it is when both configuration properties are false, so I end up with an optimistic approach, which I intend to avoid.

Is there something bad with the pattern? Can someone give some light on what can be happening under the hood?

Thanks,

UPDATE:

grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.moviesxd.api.domain.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'

grails.plugin.springsecurity.securityConfigType = "Annotation"

grails.plugin.springsecurity.rest.token.validation.enableAnonymousAccess = true

//Workaround for weird responses when using a bearer token
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false

grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/security/login'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/security/logout'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'

UPDATE:

'/':                                ['permitAll'],
'/index':                           ['permitAll'],
'/index.gsp':                       ['permitAll'],
'/assets/**':                       ['permitAll'],
'/**/js/**':                        ['permitAll'],
'/**/css/**':                       ['permitAll'],
'/**/images/**':                    ['permitAll'],
'/**/favicon.ico':                  ['permitAll'],

Since you are using the rejectIfNoRule property set to true, you have unknowingly blocked access to the root URL, i.e. at /. So allow that by modifying your rules like this:

'/':                               ['permitAll'],
'/index':                          ['permitAll'],
'/index.gsp':                      ['permitAll'],
'/app/client/**':                  ['IS_AUTHENTICATED_FULLY'],  
'/app/items/**':                   ['permitAll']

Read here for more info.
Hope this helps!

Thanks,
SA
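As an added illustration (not code from the question, the answer, or the plugin itself), the following Python script models how the plugin resolves a request URL against the static rules and what the two configuration flags do when no rule matches. It assumes a simplified version of the plugin's behaviour: ant-style patterns evaluated in declaration order with the first match winning, the request URL lowercased before matching, an unmatched URL turning into a deny rule when rejectIfNoRule is true, and the interceptor raising an exception (surfacing as a 500) when fii.rejectPublicInvocations is true and no attributes are found. The rule sets and URLs come from the page; the status codes returned for an unauthenticated user hitting IS_AUTHENTICATED_FULLY are a simplification.

```python
"""Simplified model of spring-security-core 2.x static-rule resolution.

Added example; not the plugin's own code. Assumptions (labelled):
  * patterns are ant-style, checked in order, first match wins
    (the interceptUrlMap behaviour; the annotation variant differs in
    tie-breaking, but the two flags modelled here act the same way);
  * the plugin lowercases the request URL and strips the query string;
  * rejectIfNoRule=true turns an unmatched URL into a deny rule -> 403;
  * fii.rejectPublicInvocations=true makes the interceptor refuse a
    request for which no attributes exist -> exception -> 500.
"""
import re

DENY = "denyAll"


def ant_to_regex(pattern):
    """Convert an ant-style path pattern ('/a/**', '/**/js/**') to a regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?")          # trailing /** also matches the dir itself
            i += 3
        elif pattern.startswith("**/", i):
            out.append("(.*/)?")          # zero or more intermediate directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")           # single path segment wildcard
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def find_attributes(rules, url, reject_if_no_rule):
    """Return the config attributes for url, or the deny marker / nothing."""
    url = url.split("?", 1)[0].lower()    # assumption: plugin lowercases URLs
    for pattern, attrs in rules:
        if ant_to_regex(pattern).match(url):
            return list(attrs)
    return [DENY] if reject_if_no_rule else []


def decide(rules, url, authenticated, reject_if_no_rule, reject_public_invocations):
    """Model the HTTP status a request ends up with under the given flags."""
    attrs = find_attributes(rules, url, reject_if_no_rule)
    if not attrs:
        # No rule and rejectIfNoRule=false: the URL is treated as public...
        # ...unless the interceptor refuses public invocations outright.
        return 500 if reject_public_invocations else 200
    if DENY in attrs:
        return 403
    if "permitAll" in attrs:
        return 200
    if "IS_AUTHENTICATED_FULLY" in attrs:
        # Simplification: unauthenticated callers get 401 (REST plugin style).
        return 200 if authenticated else 401
    return 403


# The question's original mapping, as given on the page.
ORIGINAL_RULES = [
    ("/app/client/**", ["IS_AUTHENTICATED_FULLY"]),
    ("/app/items/**", ["permitAll"]),
]

# The answer's mapping: root and index pages explicitly permitted.
FIXED_RULES = [
    ("/", ["permitAll"]),
    ("/index", ["permitAll"]),
    ("/index.gsp", ["permitAll"]),
] + ORIGINAL_RULES


if __name__ == "__main__":
    cases = [
        ("/app/items/Books", ORIGINAL_RULES, True, False),   # pattern itself is fine
        ("/", ORIGINAL_RULES, True, False),                  # rejectIfNoRule -> 403
        ("/", ORIGINAL_RULES, False, True),                  # rejectPublicInvocations -> 500
        ("/", ORIGINAL_RULES, False, False),                 # the "optimistic" setup
        ("/", FIXED_RULES, True, True),                      # explicit rule -> 200
    ]
    for url, rules, no_rule, public in cases:
        status = decide(rules, url, False, no_rule, public)
        print(f"{url:20} rejectIfNoRule={no_rule!s:5} rejectPublic={public!s:5} -> {status}")
```

Running it shows that '/app/items/Books' is permitted under every flag combination, so the pattern in the question is not the problem; it is any URL with no rule at all (here '/') that flips between 403 and 500 depending on which flag is set, and only an explicit permitAll entry for it makes the deny-by-default configuration usable.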
