Grails 3 JWT令牌存储问题

时间:2017-05-10 03:45:53

标签: spring rest grails groovy spring-security-rest

我正在尝试使用spring-security-rest插件使用grails 3实现一个restful服务。

我想使用JWT令牌存储配置,但是当我尝试访问登录URL时,应用程序失败并出现以下错误:

Grails application running at http://localhost:8080 in environment: development
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/error'
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/assets/**'
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/partials/**'
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/**/js/**'
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/**/css/**'
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/**/images/**'
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/**/favicon.ico'
2017-05-09 23:33:23.679 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/auth/**'
2017-05-09 23:33:23.680 DEBUG --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /auth/login at position 1 of 8 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
2017-05-09 23:33:23.690 DEBUG --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /auth/login at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2017-05-09 23:33:23.690 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/auth/login'; against '/logoff'
2017-05-09 23:33:23.690 DEBUG --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /auth/login at position 3 of 8 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
2017-05-09 23:33:23.691 DEBUG --- [nio-8080-exec-1] g.p.s.rest.RestAuthenticationFilter      : Actual URI is /auth/login; endpoint URL is /auth/login
2017-05-09 23:33:23.692 DEBUG --- [nio-8080-exec-1] g.p.s.rest.RestAuthenticationFilter      : Applying authentication filter to this request
2017-05-09 23:33:23.711 DEBUG --- [nio-8080-exec-1] c.DefaultJsonPayloadCredentialsExtractor : Extracted credentials from JSON payload. Username: me, password: [PROTECTED]
2017-05-09 23:33:23.714 DEBUG --- [nio-8080-exec-1] g.p.s.rest.RestAuthenticationFilter      : Trying to authenticate the request
2017-05-09 23:33:23.716  INFO --- [nio-8080-exec-1] o.s.s.core.SpringSecurityCoreVersion     : You are running with Spring Security Core 4.1.4.RELEASE
2017-05-09 23:33:23.720 DEBUG --- [nio-8080-exec-1] o.s.s.authentication.ProviderManager     : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2017-05-09 23:33:23.911 DEBUG --- [nio-8080-exec-1] o.s.s.a.h.RoleHierarchyImpl              : getReachableGrantedAuthorities() - From the roles [ROLE_USER] one can reach [ROLE_USER] in zero or more steps.
2017-05-09 23:33:23.913 DEBUG --- [nio-8080-exec-1] g.p.s.rest.RestAuthenticationFilter      : Request authenticated. Storing the authentication result in the security context
2017-05-09 23:33:23.913 DEBUG --- [nio-8080-exec-1] g.p.s.rest.RestAuthenticationFilter      : Authentication result: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@441dbccc: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d98: Username: me; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER
2017-05-09 23:33:23.919 DEBUG --- [nio-8080-exec-1] g.p.s.rest.RestAuthenticationFilter      : Generated token: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:d87lhs43d04j4lic7aqs4ibba0s1oio4, expiration:null, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@d98: Username: me; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER, super:grails.plugin.springsecurity.rest.token.AccessToken@441d0fa8: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d98: Username: me; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER)
2017-05-09 23:33:23.919 DEBUG --- [nio-8080-exec-1] g.p.s.r.t.s.GormTokenStorageService      : Storing principal for token: d87lhs43d04j4lic7aqs4ibba0s1oio4
2017-05-09 23:33:23.919 DEBUG --- [nio-8080-exec-1] g.p.s.r.t.s.GormTokenStorageService      : Principal: grails.plugin.springsecurity.userdetails.GrailsUser@d98: Username: me; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER
2017-05-09 23:33:23.928 ERROR --- [nio-8080-exec-1] .a.c.c.C.[.[.[.[grailsDispatcherServlet] : Servlet.service() for servlet [grailsDispatcherServlet] in context with path [] threw exception

java.lang.IllegalArgumentException: The specified token domain class 'null' is not a domain class 
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at org.springsource.loaded.ri.ReflectiveInterceptor.jlrConstructorNewInstance(ReflectiveInterceptor.java:1075)
        at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:83)
        at org.codehaus.groovy.reflection.CachedConstructor.doConstructorInvoke(CachedConstructor.java:77)
        at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrap.callConstructor(ConstructorSite.java:84)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:60)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:235)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:247)
        at grails.plugin.springsecurity.rest.token.storage.GormTokenStorageService.storeToken(GormTokenStorageService.groovy:71)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:169)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
        at grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:133)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:62)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:77)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:474)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

2017-05-09 23:33:23.933 DEBUG --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/error'
2017-05-09 23:33:23.933 DEBUG --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : /error has an empty filter list

该错误似乎与它尝试使用GormTokenStorageService的事实有关,即使我将配置设置为使用JWT令牌存储

这是我的 application.groovy 文件

grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'

grails.plugin.springsecurity.rememberMe.persistent = true

grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.endpointUrl = '/auth/login'
grails.plugin.springsecurity.rest.logout.endpointUrl = '/auth/logout'

grails.plugin.springsecurity.rest.token.storage.jwt.useEncryptedJwt = true
grails.plugin.springsecurity.rest.token.storage.jwt.privateKeyPath = 'security/private_key.der'
grails.plugin.springsecurity.rest.token.storage.jwt.publicKeyPath = 'security/public_key.der'

grails.plugin.springsecurity.rest.token.rendering.authoritiesPropertyName = 'permissions'
grails.plugin.springsecurity.rest.token.rendering.usernamePropertyName = 'username'

grails.plugin.springsecurity.rest.token.generation.useSecureRandom = true

grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'ras.auth.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'ras.auth.UserRole'
grails.plugin.springsecurity.authority.className = 'ras.auth.Role'

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']]
]

grails.plugin.springsecurity.interceptUrlMap = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/partials/**',    access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/auth/login',     access: ['permitAll']],
    [pattern: '/auth/logout',    access: ['isFullyAuthenticated()']],
    [pattern: '/auth/validate',  access: ['isFullyAuthenticated()']],
    [pattern: '/**',             access: ['isFullyAuthenticated()']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/error',          filters: 'none'],
    [pattern: '/assets/**',      filters: 'none'],
    [pattern: '/partials/**',    filters: 'none'],
    [pattern: '/**/js/**',       filters: 'none'],
    [pattern: '/**/css/**',      filters: 'none'],
    [pattern: '/**/images/**',   filters: 'none'],
    [pattern: '/**/favicon.ico', filters: 'none'],
    [pattern: '/auth/**',        filters: 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter, -rememberMeAuthenticationFilter'], // Stateless chain
    [pattern: '/api/**',         filters: 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter, -rememberMeAuthenticationFilter'], // Stateless chain
    [pattern: '/data/**',        filters: 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter, -rememberMeAuthenticationFilter'], // Stateless chain
    [pattern: '/**',             filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter']   // Traditional chain
]

1 个答案:

答案 0 :(得分:1)

Grails试图使用GORM令牌存储,因为我在build.gradle中有以下行

compile "org.grails.plugins:spring-security-rest-gorm:${springSecurityRestVersion}"

由于这种依赖性,它忽略了使用加密的JWT插件的配置

grails.plugin.springsecurity.rest.token.storage.jwt.useEncryptedJwt = true