我有一个使用 Spring Security 的标准 grails Web 应用程序,我想使用 spring-security-rest 插件(版本 1.5.1)将其中的一小部分作为 REST API 公开。一切似乎都设置正确,但我提出的任何请求都会返回 403 错误,提示“insufficient_scope”。任何文档中都没有关于此的内容,所以我希望有人可以提供帮助。这是我使用 Grails 2.4.4 的设置:
配置.groovy:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
grails.plugin.springsecurity.ui.register.defaultRoleNames = ['ROLE_USER']
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.luncho.UserLuncho'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.luncho.UserLunchoRole'
grails.plugin.springsecurity.authority.className = 'com.luncho.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['ROLE_USER'],
'/user/create': ['ROLE_ADMIN'],
'/register/*': ['permitAll'],
'/login/*': ['permitAll'],
'/logout/*': ['permitAll'],
'/index.gsp': ['permitAll'],
'/plugins/**': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/restaurant/**': ['ROLE_USER']
]
我可以很好地进行身份验证,并且确实取回了不记名令牌。但是,以下 curl 命令(使用真正的令牌代替“my_token”)总是发送回一个不足的_scope 错误:
curl -i http://localhost:8080/lunchoweb/api/restaurant -H "授权:承载 my_token"
还值得注意的是,控制器方法包含在名为 RestaurantAPIController 的单独控制器中。现在很简单:
class RestaurantAPIController {
def getAllRestaurants() {
render Restaurant.findAll() as JSON
}
}
使用 URL 映射:
// REST end points
"/api/restaurant" {
controller="restaurantAPI"
action = "getAllRestaurants"
}
是什么赋予了?