我有一个使用spring security的标准grails web应用程序,我想使用spring-security-rest插件(版本1.5.1)将其中的一小部分作为REST API公开。似乎所有东西都设置正确,但我发出的任何请求都会返回403错误,说“insufficient_scope”。在任何文档中都没有这个,所以我希望有人可以提供帮助。这是我使用Grails 2.4.4的设置:
Config.groovy中:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
grails.plugin.springsecurity.ui.register.defaultRoleNames = ['ROLE_USER']
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.luncho.UserLuncho'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.luncho.UserLunchoRole'
grails.plugin.springsecurity.authority.className = 'com.luncho.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['ROLE_USER'],
'/user/create': ['ROLE_ADMIN'],
'/register/*': ['permitAll'],
'/login/*': ['permitAll'],
'/logout/*': ['permitAll'],
'/index.gsp': ['permitAll'],
'/plugins/**': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/restaurant/**': ['ROLE_USER']
]
我可以认证很好,但我确实收到了不记名令牌。但是,以下curl命令(使用真实令牌代替“my_token”)总是发回一个insufficient_scope错误:
curl -i http://localhost:8080/lunchoweb/api/restaurant -H“授权:Bearer my_token”
值得注意的是,控制器方法包含在名为RestaurantAPIController的sperate控制器中。现在它非常简单:
class RestaurantAPIController {
def getAllRestaurants() {
render Restaurant.findAll() as JSON
}
}
使用URL映射:
// REST end points
"/api/restaurant" {
controller="restaurantAPI"
action = "getAllRestaurants"
}
是什么给出了?
答案 0 :(得分:2)
此处没有对'/ api / **'范围的引用。
'/restaurant/**': ['ROLE_USER']
应该是
'/api/restaurant/**': ['ROLE_USER']