How to Configure Spring Security Rest for Grails 3.x

Submitted by 余生长醉 on 2020-01-24 00:50:08

Question


How do you configure Spring Security Rest Plugin for Grails 3.x (currently I'm using Grails 3.1.0 RC2)?

The plugin page says to "Add compile :spring-security-rest:${version} to your BuildConfig.groovy," but BuildConfig.groovy has been removed from Grails 3.x.

edit: the docs on the plugin page have been updated


Answer 1:


So I got this working. First off, the documentation located [here][1] is much more up to date. You need to add the following to build.gradle:

build.gradle

dependencies {

    //Other dependencies

    compile "org.grails.plugins:spring-security-rest:2.0.0.M2"
}

Next, you need to run the Spring Security quickstart:

grails s2-quickstart com.yourapp Person Role

Finally, you need to configure the filter chain by adding the following to your application.groovy.

application.groovy

grails.plugin.springsecurity.filterChain.chainMap = [
    //Stateless chain
    [
        pattern: '/api/**',
        filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ],

    //Traditional chain
    [
        pattern: '/**',
        filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
    ]
]

Alternatives: I decided to move the configuration to application.yml, so I'm not using two different configuration syntaxes.

Alternative config #1: using application.yml with standard default settings

grails:

    # other config values

    plugin.springsecurity:
        userLookup.userDomainClassName: 'com.company.product.Person'
        userLookup.authorityJoinClassName: 'com.company.product.PersonRole'
        authority.className: 'com.company.product.Role'
        controllerAnnotations.staticRules:    
            - {pattern: '/', access: ['permitAll']}
            - {pattern: '/error', access: ['permitAll']}
            - {pattern: '/index', access: ['permitAll']}
            - {pattern: '/index.gsp', access: ['permitAll']}
            - {pattern: '/shutdown', access: ['permitAll']}
            - {pattern: '/assets/**', access: ['permitAll']}
            - {pattern: '/**/js/**', access: ['permitAll']}
            - {pattern: '/**/css/**', access: ['permitAll']}
            - {pattern: '/**/images/**', access: ['permitAll']}
            - {pattern: '/**/favicon.ico', access: ['permitAll']}
        filterChain.chainMap:
            - {pattern: '/assets/**', filters: 'none'}
            - {pattern: '/**/js/**', filters: 'none'}
            - {pattern: '/**/css/**', filters: 'none'}
            - {pattern: '/**/images/**', filters: 'none'}
            - {pattern: '/**/favicon.ico', filters: 'none'}
            #Stateless chain
            - {pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'}
            #Traditional chain
            - {pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'}

I also (this is totally optional)

  • removed all of the generated config that pertains to serving GSPs since my app is just an API
  • configured the plugin to persist the authorization token using GORM
  • replaced the default bearer tokens config with the X-Auth-Token config

so I ended up with this

Alternative config #2: using application.yml with API only (No GSPs) with GORM token storage and X-Auth-Tokens instead of Bearer Tokens

grails:

    # other config values

    plugin.springsecurity:
        userLookup.userDomainClassName: 'com.company.product.Person'
        userLookup.authorityJoinClassName: 'com.company.product.PersonRole'
        authority.className: 'com.company.product.Role'
        filterChain.chainMap:
            #Stateless chain
            - {pattern: '/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'}
        rest.token:
                storage.gorm.tokenDomainClassName: 'com.company.product.AuthenticationToken'
                validation:
                    useBearerToken: false
                    headerName: 'X-Auth-Token'
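
An added check, not part of the original answer or the plugin's code: chainMap entries are evaluated in order and the first matching pattern wins, so this Python example resolves which chain a request path gets and flags entries shadowed by an earlier pattern. The Ant-pattern translation is a simplified stand-in for Spring's matcher, and all function names are hypothetical.

```python
import re

# The two-chain chainMap from the answer's application.groovy, as (pattern, filters).
STATELESS = ("JOINED_FILTERS,-anonymousAuthenticationFilter,"
             "-exceptionTranslationFilter,-authenticationProcessingFilter,"
             "-securityContextPersistenceFilter,-rememberMeAuthenticationFilter")
TRADITIONAL = "JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter"
CHAIN_MAP = [("/api/**", STATELESS), ("/**", TRADITIONAL)]

def ant_to_regex(pattern):
    """Simplified Ant-style translation (assumption: only **, * and ? are used)."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and pattern[i + 3:i + 4] in ("", "/"):
            out, i = out + "(?:/[^/]*)*", i + 3   # zero or more whole segments
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1         # anything inside one segment
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1          # exactly one non-slash character
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out)

def chain_for(path, chain_map):
    """Return (index, pattern, filters) of the first entry that matches path."""
    for idx, (pattern, filters) in enumerate(chain_map):
        if ant_to_regex(pattern).fullmatch(path):
            return idx, pattern, filters
    return None

def removed_filters(filters):
    """Filter names subtracted from JOINED_FILTERS by the '-name' entries."""
    return {name[1:] for name in filters.split(",") if name.startswith("-")}

def shadowed_entries(chain_map):
    """Entries whose own sample path is claimed by an earlier pattern."""
    hits = []
    for idx, (pattern, _) in enumerate(chain_map):
        # Build one concrete path the pattern itself matches.
        sample = pattern.replace("**", "x").replace("*", "x").replace("?", "x")
        winner = chain_for(sample, chain_map)
        if winner[0] != idx:
            hits.append((pattern, winner[1]))
    return hits

if __name__ == "__main__":
    for path in ("/api/books/1", "/login/auth"):
        _, pattern, filters = chain_for(path, CHAIN_MAP)
        print(path, "->", pattern, "minus", sorted(removed_filters(filters)))
    print("shadowed if reversed:", shadowed_entries(list(reversed(CHAIN_MAP))))
```

If `/**` were listed before `/api/**`, API requests would fall into the traditional chain, which removes `restTokenValidationFilter`; `shadowed_entries` reports that ordering.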


Source: https://stackoverflow.com/questions/35062081/how-to-configure-spring-security-rest-for-grails-3-x
