gradle - How to Configure Spring Security Rest for Grails 3.x -
how configure spring security rest plugin grails 3.x (currently i'm using grails 3.1.0 rc2).
the plugin page says "add compile :spring-security-rest:${version} buildconfig.groovy," buildconfig.groovy has been removed grails 3.x
edit: docs on plugin page have been updated
so got working. first off, documentation located [here][1] more date. need add following build.gradle
build.gradle
dependencies { //other dependencies compile "org.grails.plugins:spring-security-rest:2.0.0.m2" } next, need run spring security quickstart
grails s2-quickstart com.yourapp person role finally, need configure filter chain adding following application.groovy.
application.groovy
grails.plugin.springsecurity.filterchain.chainmap = [ //stateless chain [ pattern: '/api/**', filters: 'joined_filters,-anonymousauthenticationfilter,-exceptiontranslationfilter,-authenticationprocessingfilter,-securitycontextpersistencefilter,-remembermeauthenticationfilter' ], //traditional chain [ pattern: '/**', filters: 'joined_filters,-resttokenvalidationfilter,-restexceptiontranslationfilter' ] ] alternatives: decided move configuration application.yml, i'm not using 2 different configuration syntaxes.
alternative config #1: using application.yml with standard default settings
grails: # other config values plugin.springsecurity: userlookup.userdomainclassname: 'com.company.product.person' userlookup.authorityjoinclassname: 'com.company.product.personrole' authority.classname: 'com.company.product.role' controllerannotations.staticrules: - {pattern: '/', access: ['permitall']} - {pattern: '/error', access: ['permitall']} - {pattern: '/index', access: ['permitall']} - {pattern: '/index.gsp', access: ['permitall']} - {pattern: '/shutdown', access: ['permitall']} - {pattern: '/assets/**', access: ['permitall']} - {pattern: '/**/js/**', access: ['permitall']} - {pattern: '/**/css/**', access: ['permitall']} - {pattern: '/**/images/**', access: ['permitall']} - {pattern: '/**/favicon.ico', access: ['permitall']} filterchain.chainmap: - {pattern: '/assets/**', filters: 'none'} - {pattern: '/**/js/**', filters: 'none'} - {pattern: '/**/css/**', filters: 'none'} - {pattern: '/**/images/**', filters: 'none'} - {pattern: '/**/favicon.ico', filters: 'none'} #stateless chain - {pattern: '/api/**', filters: 'joined_filters,-anonymousauthenticationfilter,-exceptiontranslationfilter,-authenticationprocessingfilter,-securitycontextpersistencefilter,-remembermeauthenticationfilter'} #traditional chain - {pattern: '/**', filters: 'joined_filters,-resttokenvalidationfilter,-restexceptiontranslationfilter'} i (this totally optional)
- removed of generated config pertains serving gsps since app api
- configured plugin persist authorization token using gorm
- replaced default bearer tokens config x-auth-token config
so ended this
alternative config #2: using application.yml with api (no gsps) gorm token storage , x-auth-tokens instead of bearer tokens
grails: # other config values plugin.springsecurity: userlookup.userdomainclassname: 'com.company.product.person' userlookup.authorityjoinclassname: 'com.company.product.personrole' authority.classname: 'com.company.product.role' filterchain.chainmap: #stateless chain - {pattern: '/**', filters: 'joined_filters,-anonymousauthenticationfilter,-exceptiontranslationfilter,-authenticationprocessingfilter,-securitycontextpersistencefilter,-remembermeauthenticationfilter'} rest.token: storage.gorm.tokendomainclassname: 'com.company.product.authenticationtoken' validation: usebearertoken: false headername: 'x-auth-token'
Comments
Post a Comment