[英]Grails 3: Spring Security Rest returns Login Page
我正在使用一個Grails 3.1.9應用程序,並且無法通過傳遞承載令牌來訪問我的安全方法。 缺少什么?
登錄請求(路徑: http:// localhost:8080 / api / login ):
{
"username": "adm",
"password": "123"
}
登錄響應:
{
"username": "adm",
"roles": [
"ROLE_ADM"
],
"token_type": "Bearer",
"access_token": "enjUSkoPnOhTFg ...",
"expires_in": 4600000,
"refresh_token": "eyhaFthjvTgf ..."
}
然后,我將access_token發送到路徑: http:// localhost:8080 / api / test :
{
"Authorization": "Bearer enjUSkoPnOhTFg ..."
}
!!!!! 但是服務器返回登錄頁面的html內容。 !!!!!
OBS:Controller方法的注釋為@Secured('ROLE_ADM')
,當我使用@Secured('permitAll')
時可以使用
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.test.domain.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.test.domain.UserRole'
grails.plugin.springsecurity.authority.className = 'com.test.domain.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
]
我發現了問題。 我不得不從“ / auth / **”路徑中刪除傳統的spring安全過濾器。
所以這解決了問題:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter',
// add this line:
'/auth/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
]
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.