sto cercando di integrare spring security rest plugin versione 1.4.1 nel mio graal app, ma di fronte a qualche problema, sto facendo così:Primavera di sicurezza resto plugin: autenticazione non è riuscita, non AuthenticationProvider trovato
impostazioneConfig.groovy :
//login end point
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.endpointUrl='/api/login'
grails.plugin.springsecurity.rest.login.failureStatusCode='401'
//for memcached
grails.plugin.springsecurity.rest.token.storage.useMemcached=true
grails.plugin.springsecurity.rest.token.storage.memcached.hosts='localhost:11211'
grails.plugin.springsecurity.rest.token.storage.memcached.username=''
grails.plugin.springsecurity.rest.token.storage.memcached.password=''
grails.plugin.springsecurity.rest.token.storage.memcached.expiration=3600
//logout endpoint
grails.plugin.springsecurity.rest.logout.endpointUrl='/api/logout'
grails.plugin.springsecurity.rest.token.validation.headerName='X-Auth-Token'
//accept request params as map
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials=true
grails.plugin.springsecurity.rest.login.usernamePropertyName='username'
grails.plugin.springsecurity.rest.login.passwordPropertyName='password'
e
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/guest/**': 'anonymousAuthenticationFilter,restExceptionTranslationFilter,filterInvocationInterceptor',
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
Come si può vedere dalla creazione sto usando Memcach e per l'archiviazione di token, quando ho colpito l'url api/login
tramite un client resto ho ottenuto 401 ho attivato i log in cui si dice che provider di autenticazione non trovata
Ecco il log:
2015-04-03 23:30:31,030 [http-bio-8080-exec-8] DEBUG matcher.AntPathRequestMatcher - Checking match of request : '/api/login'; against '/api/guest/**'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG matcher.AntPathRequestMatcher - Checking match of request : '/api/login'; against '/api/**'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy - /api/[email protected]&password=test456 at position 1 of 8 in additional filter chain; firing Filter: 'RestLogoutFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy - /api/[email protected]&password=test456 at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy - /api/[email protected]&password=test456 at position 3 of 8 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter - Actual URI is /api/login; endpoint URL is /api/login
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter - Applying authentication filter to this request
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG credentials.RequestParamsCredentialsExtractor - Extracted credentials from request params. Username: [email protected], password: [PROTECTED]
2015-04-03 23:30:31,032 [http-bio-8080-exec-8] DEBUG credentials.RequestParamsCredentialsExtractor - pswrd: test456
2015-04-03 23:30:31,032 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter - Trying to authenticate the request: org.springframew[email protected]fdd5153a: Principal: [email protected]; Credentials: [PROTECTED]; Authenticated: false; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter - Authentication failed: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFailureHandler - Setting status code to 401
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter - Not authenticated. Rest authentication token not generated.
mio un altro punto è questo: se faccio una richiesta come localhost:8080/restspring/api/guest/controller/action
(per richiesta non autenticata) devo fare qualche entrata nella mappatura degli URL per questo? La mia applicazione usa il provider di autenticazione personalizzato. Ogni idea sarà utile per me, grazie.
Qual è la vostra versione graal? – Ramsharan
Sto usando la versione 2.4.3 di Grails. Se avete bisogno di altre informazioni allora fatemelo sapere, grazie. – Abs
Hai installato Memcached sul tuo PC? http://alvarosanchez.github.io/grails-spring-security-rest/1.5.0.RC1/docs/guide/tokenStorage.html#memcached E non guardare sul 401. Questo codice si prende se alcuni errori durante logIn (lo configuri in config). L'ultimo se ti manca questa cosa. – Koloritnij