stackoom
  简体   繁体   中英

Disable RestAuthenticationFilter - Grails Spring Security Rest Plugin

 原文  2015-04-13 14:10:13       rest/ grails/ spring-security-rest

Question

I'm using Grails v2.4.2 with spring-security-rest, spring-security-core, and spring-security-ui plugins.

I'm trying to disable the RestAuthenticationFilter that comes with spring-security-rest so that I can write a custom Authentication Filter that is not case sensitive.

In my config.groovy, I'm using the following filter chain map: 

grails.plugin.springsecurity.filterChain.chainMap = [
'/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter,-restAuthenticationFilter'

]

I've added '- restAuthenticationFilter ' to exclude RestAuthenticationFilter but it is still running.

How can I exclude RestAuthentication Filter or is there an easier way to add case insensitivity to the username when logging in through RestAuthenticationFilter?

2 answers

solution1
 2  2015-04-13 16:57:49

Seems like 2 different questions.

If you want exclude the REST auth filter, I think you need to remove restTokenValidationFilter and restExceptionTranslationFilter from the chain.

Try 

grails.plugin.springsecurity.filterChain.chainMap = [
'/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter,-restTokenValidationFilter,-restExceptionTranslationFilter'
]

If you want to make your username case insensitive, just create a custom implementation of GrailsUserDetailsService. Implement loadUserByUsername to ignore case of the username.

See http://grails-plugins.github.io/grails-spring-security-core/guide/userDetailsService.html

solution2
 1  2015-04-14 07:39:46

The plugin doesn't perform any authentication itself, but rather delegates it to the Spring's AuthenticationManager , which in turn uses any authentication provider configured. In your case, the provider used is DaoAuthenticationProvider , and it delegates user retrieval to the userDetailsService configured bean.

As @jstell pointed out, the core plugin provides a GormUserDetailsService that you will have to subclass, override the method loadUserByUsername(String username, boolean loadRoles) , and configure in resources.groovy as userDetailsService bean.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question grails spring security rest plugin Spring security rest plugin for Grails3 facebook connect with grails spring security rest plugin Secure Grails Rest Api with Spring Security Rest Plugin Grails Spring Security Core Plugin Vs. Grails Spring Security REST plugin 404 when do logout in Spring Security Rest Plugin for Grails grails-spring-security-rest plugin and pesimistic lockdown How to get Authenticated with spring security rest plugin in Grails Intercepting login calls with Spring-Security-Rest plugin in Grails Need help on Spring Security REST API plugin for grails
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM