Grails 3 - Spring Security OAuth2 Provider - custom security provider is ignored

Time: 2016-03-10 16:39:37

Tags: grails spring-security spring-security-oauth2

My configuration is:

  • Grails framework 3.0.11
  • "org.grails.plugins:spring-security-core:3.0.3"
  • "org.grails.plugins:spring-security-oauth2-provider:3.0.0-RC1"

I have specified my custom UserDetailsService (implementing GrailsUserDetailsService), a custom user details class (extending GrailsUser), and a custom security authentication provider (extending AbstractUserDetailsAuthenticationProvider).

I put it in resources.groovy as follows:

userDetailsService(My2nUserDetailsService)

my2nAuthenticationProvider(My2nAuthenticationProvider) {
    userDetailsService = ref('userDetailsService')
}

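Now my problem is that when I want to send a POST to /oauth/token, my custom provider (my2nAuthenticationProvider) is ignored and the default daoAuthenticationProvider is used, and it fails because this provider calls the default user details service (so again... my custom My2nUserDetailsService is ignored) and everything fails.

This is how I configured Spring Security Core and the Spring Security OAuth2 Provider: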

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'cz.quanti.my2n.domains.my2n.My2nUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'cz.quanti.my2n.domains.my2n.My2nUserRole'
grails.plugin.springsecurity.authority.className = 'cz.quanti.my2n.domains.my2n.My2nRole'
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = true
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1
grails.plugin.springsecurity.providerNames = [
        'my2nAuthenticationProvider'
]
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/oauth/authorize.dispatch', access: "IS_AUTHENTICATED_ANONYMOUSLY"],
    [pattern: '/oauth/token.dispatch', access: "IS_AUTHENTICATED_ANONYMOUSLY"]
]

// https://grails-plugins.github.io/grails-spring-security-core/v2/guide/filters.html
grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/oauth/token', filters: 'JOINED_FILTERS,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter'],
    [pattern: '/oauth/authorize', filters: 'JOINED_FILTERS,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter'],
    ...
    [pattern: '/**', filters: 'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-oauth2BasicAuthenticationFilter,-oauth2ExceptionTranslationFilter,-restTokenValidationFilter,-restExceptionTranslationFilter']   // Traditional chain
]

// Added by the Spring Security OAuth2 Provider plugin:
grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthClient'
grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthAuthorizationCode'
grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthAccessToken'
grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthRefreshToken'
grails.plugin.springsecurity.oauthProvider.authorization.requireScope = false

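Can you give me some advice?

2 answers:

Answer 0: (score: 0)

I haven't used this plugin, but if you want your bean registration to replace the one registered by the plugin, you need to use the same bean name in resources.groovy. From looking at the plugin source I assume you want to replace the clientCredentialsAuthenticationProvider bean, so your provider registration should look like: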

clientCredentialsAuthenticationProvider(My2nAuthenticationProvider) {
    userDetailsService = ref('userDetailsService')
}

Answer 1: (score: 0)

You declared securityConfigType as "InterceptUrlMap", but you still use controllerAnnotations for the mappings. Update securityConfigType to use "Annotation".
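
The mismatch Answer 1 points at, written out as an added configuration example (not part of the original post and not the plugin's own code). It reuses the URL patterns from the question and assumes the list-of-maps rule syntax of Spring Security Core plugin 3.x, with `access` written as a list. Only one of the two options should be active at a time.

```groovy
// Added illustration, not the poster's configuration.
// The plugin reads URL rules from the key that matches securityConfigType:
//   'Annotation'      -> annotations plus controllerAnnotations.staticRules
//   'InterceptUrlMap' -> interceptUrlMap
// Rules placed under the other key are not consulted.

// Option A: keep the rules where the question has them and select the
// matching type ('Annotation' is the plugin default).
grails.plugin.springsecurity.securityConfigType = 'Annotation'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/oauth/authorize.dispatch', access: ['IS_AUTHENTICATED_ANONYMOUSLY']],
    [pattern: '/oauth/token.dispatch',     access: ['IS_AUTHENTICATED_ANONYMOUSLY']]
]

// Option B: keep 'InterceptUrlMap' and move the same rules under the key
// that this type actually reads.
// grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
// grails.plugin.springsecurity.interceptUrlMap = [
//     [pattern: '/oauth/authorize.dispatch', access: ['IS_AUTHENTICATED_ANONYMOUSLY']],
//     [pattern: '/oauth/token.dispatch',     access: ['IS_AUTHENTICATED_ANONYMOUSLY']]
// ]
```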