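Grails Spring Security REST plugin - token storage failure

Time: 2014-08-09 16:05:36

Tags: rest grails spring-security

I am setting up a Grails project with the Spring Security REST plugin, but I have run into some trouble. When I make the following request to /api/login with a valid username and password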

Accept: application/json
Content-Type: application/json

{
    "username": "validuser",
    "password": "validpassword"
}

I get the following exception

Error 2014-08-09 11:30:04,839 [http-bio-8080-exec-6] ERROR [/myphotoid-api].[default]  - Servlet.service() for servlet [default] in context with path [/myphotoid-api] threw exception
Message: java.lang.Class cannot be cast to java.lang.String
Line | Method
->>   38 | storeToken in com.odobo.grails.plugin.springsecurity.rest.token.storage.GormTokenStorageService
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|     97 | doFilter   in com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationFilter
|     82 | doFilter . in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
|     63 | doFilter   in com.odobo.grails.plugin.springsecurity.rest.RestLogoutFilter
|     82 | doFilter . in com.brandseye.cors.CorsFilter
|   1145 | runWorker  in java.util.concurrent.ThreadPoolExecutor
|    615 | run . . .  in java.util.concurrent.ThreadPoolExecutor$Worker
^    745 | run        in java.lang.Thread

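My client then receives a 302 to /login/auth, the regular stateful login page. :(

However, if I make the following request to /api/login with an invalid username and password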

Accept: application/json
Content-Type: application/json

{
    "username": "validuser",
    "password": "badpassword"
}

I get a 401, which I guess is what I should expect.

Here is the relevant part of my Config.groovy
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.campuscardtools.myphotoid.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.campuscardtools.myphotoid.PersonRole'
grails.plugin.springsecurity.authority.className = 'com.campuscardtools.myphotoid.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/api/login':                     ['permitAll'],
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/assets/**':                     ['permitAll']
]

grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = com.campuscardtools.myphotoid.AuthenticationToken
grails.plugin.springsecurity.filterChain.chainMap = [
    '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',  // Stateless chain
    '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                          // Traditional chain
]

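Thanks in advance for your help!

2 answers:

Answer 0: (score: 2)

@kau, thanks for your helpful comment.

It looks like your tokenDomainClassName needs to be wrapped in quotes - kau Aug 22 at 14:01

So I changed this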

grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = com.campuscardtools.myphotoid.AuthenticationToken

to this

grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.campuscardtools.myphotoid.AuthenticationToken'
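A way to catch this kind of mistake before login traffic hits it, as an added example that is not part of the original answer or of the plugin: a small Groovy script that parses config text with ConfigSlurper and reports every `*ClassName` setting whose value is not a string. The helper name `findNonStringClassNames` is hypothetical, the sample config is constructed, and `java.lang.StringBuilder` stands in for the application's domain class so the script runs without a Grails app.

```groovy
// Reports config keys ending in "ClassName" whose value is not a String.
// An unquoted, resolvable class name is compiled as a Class literal, so the
// setting holds a java.lang.Class instead of the class name as text.
List<String> findNonStringClassNames(String configText) {
    ConfigObject conf = new ConfigSlurper().parse(configText)
    Map flat = conf.flatten()   // keys become 'a.b.c' style strings
    Map bad = flat.findAll { k, v ->
        k.toString().endsWith('ClassName') && !(v instanceof CharSequence)
    }
    return bad.collect { k, v ->
        "${k} holds a ${v.getClass().getName()}, expected a quoted String".toString()
    }
}

// Constructed sample: one quoted setting, one unquoted setting.
def sample = '''
grails.plugin.springsecurity.userLookup.userDomainClassName = 'java.lang.StringBuilder'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = java.lang.StringBuilder
'''

def findings = findNonStringClassNames(sample)
findings.each { println it }

// Only the unquoted tokenDomainClassName setting is reported.
assert findings.size() == 1
assert findings[0].contains('tokenDomainClassName')
```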

Answer 1: (score: 0)

Check the plugin configuration section in the documentation: http://alvarosanchez.github.io/grails-spring-security-rest/docs/guide/configuration.html

You must configure the chains correctly in grails.plugin.springsecurity.filterChain.chainMap:

grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter',  // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                          // Traditional chain
]