Grails Spring Security REST获取403禁止

时间:2015-05-13 15:03:48

标签: rest grails spring-security

我有一个Grails应用程序,我也使用Spring Security Plugin和Spring Security REST插件。正常登录运行良好,如果我的凭据正确,我会在响应中获得令牌。现在我想访问一个控制器,我确实在标题中传递了令牌,但我收到了403禁止响应。身份验证工作我想是因为当我更改令牌时,我得到401未授权。

Config.groovy中

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'usermanagement.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'usermanagement.UserRole'
grails.plugin.springsecurity.authority.className = 'usermanagement.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/assets/**':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/favicon.ico':                ['permitAll']
]
grails.plugin.springsecurity.filterChain.chainMap = [
    '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter',  // Stateless chain
    '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                                                          // Traditional chain
]
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = "username"
grails.plugin.springsecurity.rest.login.passwordPropertyName = "password"
grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.activated = true
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'rest.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'

DailyBookingRESTController.groovy 

import grails.plugin.springsecurity.annotation.Secured

@Secured(['permitAll'])
class DailyBookingRESTController {

    def index() { 
        render "hi"
    }
}

urlMapping中:

class UrlMappings {

    static mappings = {
        "/$controller/$action?/$id?(.$format)?"{
            constraints {
                // apply constraints here
            }
        }

        "/$controller/$action?/$id?(.$format)?"()
        "/"(view:"/index")
        "500"(view:'/error')
        "/api/dailyBookings"(resources: "dailyBookingREST")
    }
}

我感谢任何帮助!

1 个答案:

答案 0 :(得分:0)

事实证明,urlMapping是区分大小写的,而我在安全被禁用时在我的请求中使用了正确的URL,但是在没有安全时使用了错误的URL。

相关问题
最新问题