Grails 3:Spring Security Rest返回登录页面
[英]Grails 3: Spring Security Rest returns Login Page
问题描述
我正在使用一个Grails 3.1.9应用程序,并且无法通过传递承载令牌来访问我的安全方法。 缺少什么?
问题:
登录请求(路径: http:// localhost:8080 / api / login ):
{
"username": "adm",
"password": "123"
}
登录响应:
{
"username": "adm",
"roles": [
"ROLE_ADM"
],
"token_type": "Bearer",
"access_token": "enjUSkoPnOhTFg ...",
"expires_in": 4600000,
"refresh_token": "eyhaFthjvTgf ..."
}
然后,我将access_token发送到路径: http:// localhost:8080 / api / test :
{
"Authorization": "Bearer enjUSkoPnOhTFg ..."
}
!!!!! 但是服务器返回登录页面的html内容。 !!!!!
OBS:Controller方法的注释为@Secured('ROLE_ADM') ,当我使用@Secured('permitAll')时可以使用
组态:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.test.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.test.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'com.test.domain.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
]
1 个解决方案
解决方案1
0 已采纳 2019-09-18 14:32:49
我发现了问题。 我不得不从“ / auth / **”路径中删除传统的spring安全过滤器。
所以这解决了问题:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter',
// add this line:
'/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]
用Grails中的Spring-Security-Rest插件拦截登录呼叫
[英]Intercepting login calls with Spring-Security-Rest plugin in Grails
Grails 3-迅速地记录Spring Security Rest的登录API
[英]Grails 3 - documenting spring security rest's login api in swagger
如何自定义Grails Spring Security REST登录响应HTTP代码
[英]How to customize Grails Spring Security REST login response HTTP code
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Grails + Spring Security Rest +如何登录
Grails 3,登录后的Spring Security Rest用户名
更改grails中spring security plugin的登录页面
Grails中的Spring Security重定向到HTTP登录页面
HTML登录页面在Grails Spring安全性中
grails spring安全性登录页面显示
用Grails中的Spring-Security-Rest插件拦截登录呼叫
Grails 3-迅速地记录Spring Security Rest的登录API
grails spring安全性休息/ api / login 401未经授权
如何自定义Grails Spring Security REST登录响应HTTP代码
相关标签