创建多个身份验证端点

时间:2016-04-02 08:18:32

标签: grails spring-security spring-security-oauth2

我的应用程序中有2个独立的对象(SystemUser,Customer),系统用户可以是客户。我想为每个对象类型创建一个单独的标记端点。目前,Spring安全核心不支持这一点,因此我为客户令牌端点创建了一个插件。在这个插件中,我设置了spring security和oauth提供程序。我按照文档中的描述更改了端点路径。这是我的配置:

grails.plugin.springsecurity.controllerAnnotations.staticRules = [

 '/customers/oauth/token':   ["isFullyAuthenticated() and request.getMethod().equals('POST')"]
]

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'Customer'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'UserRole'
grails.plugin.springsecurity.authority.className = 'Role'

grails.plugin.springsecurity.oauthProvider.tokenServices.tokenEnhancerBeanNames = ['userDetailsTokenEnhancer']
grails.plugin.springsecurity.oauthProvider.tokenServices.accessTokenValiditySeconds=60
grails.plugin.springsecurity.oauthProvider.tokenServices.refreshTokenValiditySeconds=120
grails.plugin.springsecurity.oauthProvider.defaultClientConfig.accessTokenValiditySeconds=60
grails.plugin.springsecurity.oauthProvider.defaultClientConfig.refreshTokenValiditySeconds=120

// Added by the Spring Security OAuth2 Provider plugin:
grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'Client'
grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'AuthorizationCode'
grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'AccessToken'
grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'RefreshToken'

grails.plugin.springsecurity.oauthProvider.tokenEndpointUrl='/customers/oauth/token'

我将以下部分添加到我的应用程序spring security部分:'/ customers / oauth / **':['permitAll'],`

我的应用程序和客户插件都使用共享域插件。问题是当我请求/ customers / oauth / token时我得到404错误任何线索如何解决这个问题?

0 个答案:

没有答案