[英]Grails 3: Spring Security Rest returns Login Page
我正在使用一个Grails 3.1.9应用程序,并且无法通过传递承载令牌来访问我的安全方法。 缺少什么?
登录请求(路径: http:// localhost:8080 / api / login ):
{
"username": "adm",
"password": "123"
}
登录响应:
{
"username": "adm",
"roles": [
"ROLE_ADM"
],
"token_type": "Bearer",
"access_token": "enjUSkoPnOhTFg ...",
"expires_in": 4600000,
"refresh_token": "eyhaFthjvTgf ..."
}
然后,我将access_token发送到路径: http:// localhost:8080 / api / test :
{
"Authorization": "Bearer enjUSkoPnOhTFg ..."
}
!!!!! 但是服务器返回登录页面的html内容。 !!!!!
OBS:Controller方法的注释为@Secured('ROLE_ADM')
,当我使用@Secured('permitAll')
时可以使用
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.test.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.test.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'com.test.domain.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
]
我发现了问题。 我不得不从“ / auth / **”路径中删除传统的spring安全过滤器。
所以这解决了问题:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter',
// add this line:
'/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.