Using spring-security-core (2.0-RC4), I am having problems with static security mapping.
'/app/client/**': ['IS_AUTHENTICATED_FULLY'],
'/app/items/**': ['permitAll'],
and this configuration (or even switching the true/false values)
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
When I try to access
/app/items/Books
I get 403/500 (depending on configuration parameters). The only way I can access it is when both configuration properties are false, so I end up with the optimistic approach, which I intend to avoid.
Is there something bad with the pattern? Can someone shed some light on what could be happening under the hood?
Thanks,
UPDATE:
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.moviesxd.api.domain.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.rest.token.validation.enableAnonymousAccess = true
//Workaround for weird responses when using a bearer token
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/security/login'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/security/logout'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
UPDATE:
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
Since you are using the rejectIfNoRule property set to true, you have unknowingly blocked access to the root URL, i.e. /. So allow that rule by modifying your rules like this:
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/app/client/**': ['IS_AUTHENTICATED_FULLY'],
'/app/items/**': ['permitAll']
Read here for more info.
Hope this helps!
Thanks,
SA
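A check for the situation described in the answer, as an added example that is not part of the original posts or the plugin's code: it lists which URLs have no matching rule and would therefore be blocked once rejectIfNoRule is true. The Ant-style matcher is a simplified model, the function names are hypothetical, and the sample URLs other than /app/items/Books are constructed.

```python
import re

def ant_to_regex(pattern):
    """Translate an Ant-style pattern (?, *, **) to a regex (simplified model)."""
    out, i = [], 0
    while i < len(pattern):
        at_seg_end = i + 3 == len(pattern) or pattern[i + 3:i + 4] == "/"
        if pattern.startswith("/**", i) and at_seg_end:
            out.append(r"(?:/[^/]*)*")  # '/**' = zero or more whole path segments
            i += 3
        elif pattern[i] == "*":
            out.append(r"[^/]*")        # '*' stays inside one path segment
            i += 1
        elif pattern[i] == "?":
            out.append(r"[^/]")         # '?' = exactly one non-slash character
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def matching_rule(rules, url):
    """Return a pattern that covers url, or None (does not model rule precedence)."""
    for pattern in rules:
        if ant_to_regex(pattern).fullmatch(url):
            return pattern
    return None

def unmatched(rules, urls):
    """URLs with no rule at all: the ones a reject-if-no-rule policy blocks."""
    return [u for u in urls if matching_rule(rules, u) is None]

# Rules as posted in the question and in the answer.
QUESTION_RULES = {"/app/client/**": ["IS_AUTHENTICATED_FULLY"],
                  "/app/items/**": ["permitAll"]}
ANSWER_RULES = {"/": ["permitAll"], "/index": ["permitAll"],
                "/index.gsp": ["permitAll"], **QUESTION_RULES}

# Constructed sample of URLs the application is expected to serve.
URLS = ["/", "/index.gsp", "/app/items/Books", "/app/client/1", "/assets/app.css"]

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        print(name, "rules leave uncovered:", unmatched(rules, URLS))
```

With the answer's rules alone, /assets/app.css is still uncovered; the '/assets/**' entry from the question's second update closes that gap.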