stackoom
  简体   繁体   中英

Intercepting login calls with Spring-Security-Rest plugin in Grails

 原文  2015-06-16 21:41:57       rest/ grails/ spring-security

Question

I am using the spring security rest plugin for Grails to provide a login mechanism for an AngularJS app. Login works fine, but I can't figure out how to intercept login calls, in order to store additional statistics on (invalid/valid) login attempts.

As I am quite new to Spring Security I am not familiar with it's filter chains. Is it possible to write a custom filter to intercept login calls without interfering with the plugins's mode of action or is there a better way to achieve what I want to do?

I saw that the Spring Security Rest plugin has a class called RestAuthenticationSuccessHandler which implements Spring Security's AuthenticationSuccessHandler interface. Can I provide a custom implementation of the class which is used by the plugin?

My configuration: 

grails.plugin.springsecurity.rememberMe.persistent = false
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'example.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'token'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'

grails.plugin.springsecurity.filterChain.chainMap = [
    '/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter, -rememberMeAuthenticationFilter', // Stateless chain
    '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter', // Stateless chain
    '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'   // Traditional chain
]

grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.useJsonCredentials=true
grails.plugin.springsecurity.rest.token.storage.useGorm=true
grails.plugin.springsecurity.rest.token.generation.useSecureRandom=true
grails.plugin.springsecurity.rest.token.validation.headerName='X-Auth-Token'
grails.plugin.springsecurity.rest.token.generation.useUUID=false
grails.plugin.springsecurity.rest.token.validation.active=true
grails.plugin.springsecurity.rest.token.validation.endpointUrl='/auth/validate'

1 answers

solution1
 2 ACCPTED  2015-06-16 22:01:10

Yes, you can provide a custom bean that implements the RestAuthenticationSuccessHandler . Take a look at the API documentation for the class to see what you need to implement. Then it's as simple as overriding the bean in your application context: 

// Resources.groovy
restAuthenticationSuccessHandler(MyCustomRestAuthenticationSuccessHandler) {
  renderer = ref('accessTokenJsonRenderer')
}

It might also be helpful to look at the default implementation to base yours on.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question spring-security-rest plugin logout failure Grails spring-security-rest authentication denied: Dynamic method get<Artefact>Class(artefactName) How to get contact list of a facebook user in grails using spring-security-rest:1.4.0.RC5 grails spring security rest plugin facebook connect with grails spring security rest plugin Grails + Spring Security Rest + How to login Spring security rest plugin for Grails3 Disable RestAuthenticationFilter - Grails Spring Security Rest Plugin How to get the reason of login failure in clients while using Grails Spring Security Rest plugin? 405 Method Not Allowed on /api/login OPTIONS request with grails-spring-security-rest plugin (and the fight continues…)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM