Grails(16)Secure the REST API-Basic Auth
Here are my configuration in Config.groovy
// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.sillycat.project.security.BrandUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.sillycat.project.security.BrandUserSecurityRole'
grails.plugins.springsecurity.authority.className = 'com.sillycat.project.security.SecurityRole'
grails.plugins.springsecurity.userLookup.usernamePropertyName = 'email'
//Enable Basic Auth Filter
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "sillycat"
//Exclude normal controllers from basic auth filter. Just the JSON API is included
grails.plugins.springsecurity.filterChain.chainMap = [
'/location/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
'/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter'
]
grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
'/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/common.css': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/favicon.ico': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/register/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/error/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
//'/location/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/**': ['IS_AUTHENTICATED_REMEMBERED']
]
Here I have 2 kind of configurations now, 1 is for page secure, the other is basic auth, it is for the api part.
Beside the Controller REST API action, there is a annotation
@Secured(["ROLE_USER"])
My test case will be like this to send the basic auth from the header
@Test
publicvoid testGetSuccessswithServer(){
def client = new RESTClient("http://localhost:8080")
client.auth.basic 'username', 'password'
defresponse = client.get(path: "location/1")
System.out.println(response.status)
System.out.println(response.data)
}
Or I can use POSTMAN to verify my API. There is a tab menu named Basic Auth, just put the user name and password.
The basic authority can work alone, but they can not work together.
References:
http://grails-plugins.github.com/grails-spring-security-core/docs/manual/
http://dead-knight.iteye.com/blog/1520080
Grails(16)Secure the REST API-Basic Auth
猜你喜欢
转载自sillycat.iteye.com/blog/1771859
今日推荐
周排行