Authentication using Grails Spring Security REST Plugin

Question

I came across the Greach 2014 presentation of Alvaro. I downloaded the example from GitHub and started it.

When I try to authenticate with

curl -i -H "Content-Type: application/json" -X POST -d '{"username":"jimi","password":"jimispassword"}' http://localhost:8080/restful-grails-springsecurity-greach2014/api/login

I am getting this on the curl side.

 HTTP/1.1 400 Bad Request
 Server: Apache-Coyote/1.1
 Content-Length: 0
 Date: Mon, 18 May 2015 14:57:07 GMT
 Connection: close

On serverside I see that.

|Server running. Browse to http://localhost:8080/restful-grails-springsecurity-greach2014
....2015-05-18 16:57:07,840 [http-bio-8080-exec-4] DEBUG util.AntPathRequestMatcher  - Request '/api/login' matched by universal pattern '/**'
2015-05-18 16:57:07,841 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy  - /api/login at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-05-18 16:57:07,842 [http-bio-8080-exec-4] DEBUG context.HttpSessionSecurityContextRepository  - No HttpSession currently exists
2015-05-18 16:57:07,842 [http-bio-8080-exec-4] DEBUG context.HttpSessionSecurityContextRepository  - No SecurityContext was available from the HttpSession: null. A new one will be created.
2015-05-18 16:57:07,844 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy  - /api/login at position 2 of 11 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2015-05-18 16:57:07,844 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy  - /api/login at position 3 of 11 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
2015-05-18 16:57:07,846 [http-bio-8080-exec-4] DEBUG web.FilterChainProxy  - /api/login at position 4 of 11 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
2015-05-18 16:57:07,878 [http-bio-8080-exec-4] DEBUG rest.RestAuthenticationFilter  - Actual URI is /api/login; endpoint URL is /api/login
2015-05-18 16:57:07,878 [http-bio-8080-exec-4] DEBUG rest.RestAuthenticationFilter  - Applying authentication filter to this request
2015-05-18 16:57:07,919 [http-bio-8080-exec-4] DEBUG credentials.DefaultJsonPayloadCredentialsExtractor  - No JSON body sent in the request
2015-05-18 16:57:07,919 [http-bio-8080-exec-4] DEBUG rest.RestAuthenticationFilter  - Username and/or password parameters are missing.
2015-05-18 16:57:07,920 [http-bio-8080-exec-4] DEBUG rest.RestAuthenticationFilter  - Setting status to 400
2015-05-18 16:57:07,921 [http-bio-8080-exec-4] DEBUG context.HttpSessionSecurityContextRepository  - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-05-18 16:57:07,922 [http-bio-8080-exec-4] DEBUG context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

No JSON body sent in the request. How do I have to send this using cURL?

Or why doesn't it pick up my

 -X POST -d '{"username":"jimi","password":"jimispassword"}' 

Answer 1

Change your cURL request as:

curl -i -H "Content-Type: application/json" -X POST -data '{"username":"jimi","password":"jimispassword"}' http://localhost:8080/restful-grails-springsecurity-greach2014/api/login

Notice that i have changed the '-d' with '--data'

Answer 2

I think my problem is rather cURL-syntax related than grails related. I tested with Firefox RestClient and it is working fine.