Spring安全休息插件:身份验证失败,未找到AuthenticationProvider

时间:2015-04-03 18:03:46

标签: rest grails spring-security access-token spring-security-rest

我正在尝试在我的grails应用中集成spring security rest plugin版本 1.4.1 ,但面对一些问题,我这样做:

Config.groovy设置:

  //login end point
    grails.plugin.springsecurity.rest.login.active=true
    grails.plugin.springsecurity.rest.login.endpointUrl='/api/login'
    grails.plugin.springsecurity.rest.login.failureStatusCode='401'

    //for  memcached
    grails.plugin.springsecurity.rest.token.storage.useMemcached=true
    grails.plugin.springsecurity.rest.token.storage.memcached.hosts='localhost:11211'
    grails.plugin.springsecurity.rest.token.storage.memcached.username=''
    grails.plugin.springsecurity.rest.token.storage.memcached.password=''
    grails.plugin.springsecurity.rest.token.storage.memcached.expiration=3600

    //logout endpoint
    grails.plugin.springsecurity.rest.logout.endpointUrl='/api/logout'
    grails.plugin.springsecurity.rest.token.validation.headerName='X-Auth-Token'

    //accept request params as map
    grails.plugin.springsecurity.rest.login.useRequestParamsCredentials=true
    grails.plugin.springsecurity.rest.login.usernamePropertyName='username'
    grails.plugin.springsecurity.rest.login.passwordPropertyName='password'


grails.plugin.springsecurity.filterChain.chainMap = [
        '/api/guest/**': 'anonymousAuthenticationFilter,restExceptionTranslationFilter,filterInvocationInterceptor',
        '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter',  // Stateless chain
        '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                                                          // Traditional chain
]

从设置我可以看到我正在使用Memcache进行令牌存储,当我通过其他客户端点击网址api/login时,我得到了401我启用了日志其中显示未找到身份验证提供程序

这是日志:

2015-04-03 23:30:31,030 [http-bio-8080-exec-8] DEBUG matcher.AntPathRequestMatcher  - Checking match of request : '/api/login'; against '/api/guest/**'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG matcher.AntPathRequestMatcher  - Checking match of request : '/api/login'; against '/api/**'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy  - /api/login?username=abu.srs@gmail&password=test456 at position 1 of 8 in additional filter chain; firing Filter: 'RestLogoutFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy  - /api/login?username=abu.srs@gmail&password=test456 at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy  - /api/login?username=abu.srs@gmail&password=test456 at position 3 of 8 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Actual URI is /api/login; endpoint URL is /api/login
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Applying authentication filter to this request
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG credentials.RequestParamsCredentialsExtractor  - Extracted credentials from request params. Username: abu.srs@gmail, password: [PROTECTED]
2015-04-03 23:30:31,032 [http-bio-8080-exec-8] DEBUG credentials.RequestParamsCredentialsExtractor  - pswrd:  test456
2015-04-03 23:30:31,032 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Trying to authenticate the request: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fdd5153a: Principal: abu.srs@gmail; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Authentication failed: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFailureHandler  - Setting status code to 401
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Not authenticated. Rest authentication token not generated.

我的另一点是:如果我发出像localhost:8080/restspring/api/guest/controller/action这样的请求(对于未经过身份验证的请求),我是否需要在URL映射中为此做一些输入?我的应用程序使用自定义身份验证提供程序。任何想法对我都有帮助,谢谢。

1 个答案:

答案 0 :(得分:0)

  

未找到身份验证提供程序

问题可能是您始终在身份验证提供程序的supports()方法中返回false 参考:No AuthenticationProvider found for UsernamePasswordAuthenticationToken

  

如果我提出类似的请求   localhost:8080 / restspring / api / guest / controller / action(for   非认证请求)我是否需要在URL映射中进行一些输入   对此?

是的,你需要在url映射中做一些输入。因为默认的URL映射是:

"/$controller/$action?/$id?(.$format)?"{
            constraints {
                // apply constraints here
            }
        }

这无法生成您所需的网址,即localhost:8080/restspring/api/guest/controller/action

相关问题
最新问题