6

I am trying to integrate spring security rest plugin version 1.4.1 in my grails app, but facing some issue, I am doing like that:

Config.groovy setting:

  //login end point
    grails.plugin.springsecurity.rest.login.active=true
    grails.plugin.springsecurity.rest.login.endpointUrl='/api/login'
    grails.plugin.springsecurity.rest.login.failureStatusCode='401'

    //for  memcached
    grails.plugin.springsecurity.rest.token.storage.useMemcached=true
    grails.plugin.springsecurity.rest.token.storage.memcached.hosts='localhost:11211'
    grails.plugin.springsecurity.rest.token.storage.memcached.username=''
    grails.plugin.springsecurity.rest.token.storage.memcached.password=''
    grails.plugin.springsecurity.rest.token.storage.memcached.expiration=3600

    //logout endpoint
    grails.plugin.springsecurity.rest.logout.endpointUrl='/api/logout'
    grails.plugin.springsecurity.rest.token.validation.headerName='X-Auth-Token'

    //accept request params as map
    grails.plugin.springsecurity.rest.login.useRequestParamsCredentials=true
    grails.plugin.springsecurity.rest.login.usernamePropertyName='username'
    grails.plugin.springsecurity.rest.login.passwordPropertyName='password'

and

grails.plugin.springsecurity.filterChain.chainMap = [
        '/api/guest/**': 'anonymousAuthenticationFilter,restExceptionTranslationFilter,filterInvocationInterceptor',
        '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter',  // Stateless chain
        '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                                                          // Traditional chain
]

As you can see from setting I am using Memcache for token storage, when I hit the url api/login via a rest client I got 401 I enabled the logs In which it says that Authentication provider not found

Here is the logs:

2015-04-03 23:30:31,030 [http-bio-8080-exec-8] DEBUG matcher.AntPathRequestMatcher  - Checking match of request : '/api/login'; against '/api/guest/**'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG matcher.AntPathRequestMatcher  - Checking match of request : '/api/login'; against '/api/**'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy  - /api/login?username=abu.srs@gmail&password=test456 at position 1 of 8 in additional filter chain; firing Filter: 'RestLogoutFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy  - /api/login?username=abu.srs@gmail&password=test456 at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG web.FilterChainProxy  - /api/login?username=abu.srs@gmail&password=test456 at position 3 of 8 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Actual URI is /api/login; endpoint URL is /api/login
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Applying authentication filter to this request
2015-04-03 23:30:31,031 [http-bio-8080-exec-8] DEBUG credentials.RequestParamsCredentialsExtractor  - Extracted credentials from request params. Username: abu.srs@gmail, password: [PROTECTED]
2015-04-03 23:30:31,032 [http-bio-8080-exec-8] DEBUG credentials.RequestParamsCredentialsExtractor  - pswrd:  test456
2015-04-03 23:30:31,032 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Trying to authenticate the request: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fdd5153a: Principal: abu.srs@gmail; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Authentication failed: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFailureHandler  - Setting status code to 401
2015-04-03 23:30:31,051 [http-bio-8080-exec-8] DEBUG rest.RestAuthenticationFilter  - Not authenticated. Rest authentication token not generated.

My another point is that: If I make a request like localhost:8080/restspring/api/guest/controller/action (for non-authenticated request) do I need to do some entry in URL mapping for this?My application uses the custom authentication provider. Any idea will be helpful for me, thanks.

4

1 回答 1

0

未找到身份验证提供程序

问题可能是您始终在身份验证提供程序的 support() 方法中返回 false。
参考:未找到 UsernamePasswordAuthenticationToken 的 AuthenticationProvider

如果我发出 localhost:8080/restspring/api/guest/controller/action 之类的请求(对于未经身份验证的请求),我是否需要为此在 URL 映射中输入一些内容?

是的,您需要在 url 映射中输入一些内容。因为默认的 url 映射是:

"/$controller/$action?/$id?(.$format)?"{
            constraints {
                // apply constraints here
            }
        }

这无法生成您需要的网址,即localhost:8080/restspring/api/guest/controller/action

于 2015-04-13T17:41:25.450 回答