1

我一直在寻找这个问题的答案。我希望能够使用将验证身份验证的 spring 安全核心插件在 Grails 应用程序中发送 JSON 数据。我似乎无法让它工作。

我正在尝试使用 cURL 和以下命令对此进行测试:

curl -v -H "Content-Type: application/json" -X POST --data @ajax_login.json http://localhost:8080/j_spring_security_check?ajax=true

我的 ajax_login.json 看起来像这样:

{
    "j_username":"user@email.com",
    "j_password":"password"
}

我的回复如下所示:

* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /j_spring_security_check?ajax=true HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:8080
> Accept: */*
> Content-Type: application/json
> Content-Length: 63
> 
< HTTP/1.1 302 Moved Temporarily
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=974763464D383CD90962E8933DBB8335; Path=/
< Set-Cookie: grails_remember_me=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
< Location: http://localhost:8080/login/authfail;jsessionid=974763464D383CD90962E8933DBB8335?ajax=true
< Content-Length: 0
< Date: Wed, 12 Dec 2012 22:53:27 GMT
< 
* Connection #0 to host localhost left intact
* Closing connection #0

我希望根据 LoginController 的 ajaxSuccess 操作看到类似的内容:

{
    "success":true,
    "username":"user@email.com"
}

或者至少每个 LoginController 的 ajaxfail 操作的失败 JSON:

{
    "error":"#yourdoingitwrong"
}

仅供参考,我的 config.groovy 有这个:

grails.plugins.springsecurity.interceptUrlMap = [
  '/css/**':    ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/common.css':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/favicon.ico': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/js/**':   ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/login/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/register/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/error/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/**':      ['IS_AUTHENTICATED_REMEMBERED']
]

我已经将 GormUserDetailsS​​ervice 子类化并重写了 loadUserByUsername 来进行自己的查找,但是传入的用户名是空白的……空字符串。我知道这一点,因为我能够在该方法中设置断点,并且当我发送我的 cURL 命令时,执行确实会在那里结束。

我还缺少其他任何细节吗?

4

2 回答 2

1

我仍然想知道如何根据请求发出 cURL 命令,但我能够通过 jQuery.ajax 成功通信:

<html>
<head>
    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
    <script type="text/javascript">
    $(function() {
        $('#btnPush').on('click', function() {
            $.ajax({
                url: 'http://localhost:8080/j_spring_security_check',
                type: 'POST',
                data: {
                    j_username: 'user@email.com',
                    j_password: 'password'
                },
                success: function(data, textStatus, jqXHR) {
                    alert('Success!!!');
                },
                error: function(jqXHR, textStatus, errorThrown) {
                    alert('Fail!');
                }
            });
        });
    });
    </script>
</head>
<body>
<button id='btnPush'>Push Me!</button>
</body>
</html>

这个 HTML 文件必须包含在我的 Grails 应用程序 web-app 文件夹中。我猜这不是跨域请求。

于 2012-12-13T04:48:33.327 回答
1

将参数 -L 添加到 curl 命令应该会有所帮助

在您的服务器响应中包含以下部分:

HTTP/1.1 302 Moved Temporarily 
Location: http://localhost:8080/login/authfail;jsessionid=974763464D383CD90962E8933DBB8335?ajax=true

tells curl/browser that the requested page has moved to new location (login/authfail). This way server redirects client to new URL. Web browser would immediately issue request to the new location, but default behavior of curl is not to follow redirects automaticaly.

Parameter -L/--location instructs curl to follow redirects. See man curl for more details.

于 2012-12-13T06:23:58.673 回答