grails spring rest plugin insufficient_scope

Posted: 2016-03-12 21:02:34

Tags: rest security grails

I am trying to configure this plugin, without success. /api/login returns a token. It is longer than 32 characters.

authResponse:[username:root, roles:[RADIO_ADMIN], expires_in:3600, token_type:Bearer, access_token:eyJhbGciOiJIUzI1NiJ9.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.LrsAlhZ_bbWC1TKqHKCfeL0l9nZfgd_fMcsUb4Np24M]

But if I try to call a secured endpoint such as /api/radios, I always get:

[message:Access is denied, timestamp:1457814018972, error:Forbidden, status:403, path:/api/radios]
[Server:[Apache-Coyote/1.1], WWW-Authenticate:[Bearer error="insufficient_scope"], Set-Cookie:[JSESSIONID=2AD3EF86B6BB1807747EBCCA98FB7DC8; Path=/; HttpOnly...]

I have configured

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/api/**',         access: ['permitAll']],
    [pattern: '/api/radios/**',  access: ['RADIO_ADMIN']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    // State less chain
    [
            pattern: '/api/**',
            filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ],
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],
    [pattern: '/**',             filters: 'JOINED_FILTERS']
]

I am using the following environment: Grails version: 3.1.3, Groovy version: 2.4.6, JVM version: 1.7.0_75

1 answer:

Answer 0 (score: 1)

I ran into exactly the same problem. After several hours of investigation, looking at the grails spring-security-core and spring-security-rest plugin source code and running the application with the log level set to DEBUG to see everything going on behind the scenes, I figured it out.

Try the following in application.groovy:
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"

grails.plugin.springsecurity.interceptUrlMap = [
    [pattern: '/api/radios/**', access: ['ROLE_RADIO_ADMIN']]
]

I tried this with Grails 3.1.6, spring-security-core 3.1.0, spring-security-rest & spring-security-rest-gorm 2.0.0.M2 and Java 1.8
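The two things that differ between the question's rules and the answer's are the role name and the rule order, and both matter. Spring Security's default role prefix is ROLE_, so a bare access entry of 'RADIO_ADMIN' is not read as the authority the token carries; and in the list-of-maps form used by spring-security-core 3.x the plugin applies the first rule whose pattern matches the request, so a '/api/**' permitAll rule placed ahead of '/api/radios/**' shadows the stricter rule. The WWW-Authenticate: Bearer error="insufficient_scope" header in the 403 is the RFC 6750 bearer-token error for "token accepted, but its authorities do not satisfy the rule". Below is a complete application.groovy fragment that puts those pieces together; it is an added example, not the poster's or the answerer's configuration, and it assumes the Role domain class stores the authority as 'ROLE_RADIO_ADMIN' and that the rest plugin's login endpoint is left at its default /api/login.

```groovy
// application.groovy (added example; assumes the authority string is 'ROLE_RADIO_ADMIN')

grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"

// Rules are applied in order and the first matching pattern wins, so the
// specific /api/radios rule must precede the general /api rule.
grails.plugin.springsecurity.interceptUrlMap = [
    [pattern: '/api/login',       access: ['permitAll']],           // token issuance
    [pattern: '/api/radios/**',   access: ['ROLE_RADIO_ADMIN']],    // ROLE_ prefix, not bare RADIO_ADMIN
    [pattern: '/api/**',          access: ['isAuthenticated()']],   // every other API call needs a valid token
    [pattern: '/',                access: ['permitAll']],
    [pattern: '/error',           access: ['permitAll']],
    [pattern: '/index',           access: ['permitAll']],
    [pattern: '/index.gsp',       access: ['permitAll']],
    [pattern: '/assets/**',       access: ['permitAll']],
    [pattern: '/**/js/**',        access: ['permitAll']],
    [pattern: '/**/css/**',       access: ['permitAll']],
    [pattern: '/**/images/**',    access: ['permitAll']],
    [pattern: '/**/favicon.ico',  access: ['permitAll']],
    [pattern: '/**',              access: ['isAuthenticated()']]    // deny-by-default for anything unlisted
]

// Stateless chain for the API: no session persistence, no anonymous/remember-me
// filters, no form-login processing filter. Everything else keeps the full chain.
grails.plugin.springsecurity.filterChain.chainMap = [
    [
        pattern: '/api/**',
        filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ],
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],
    [pattern: '/**',             filters: 'JOINED_FILTERS']
]
```

A quick way to confirm the fix is to log in, then call /api/radios with and without the Authorization: Bearer header: the call with the header should return 200 and the call without it 401, while a token issued to a user that lacks ROLE_RADIO_ADMIN should still produce the 403 with error="insufficient_scope". If the authority in your Role table is stored without the ROLE_ prefix, either rename it or use the expression form hasRole('RADIO_ADMIN') in the rule instead of the bare entry.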