search

grails / grails-spring-security-core

Grails Spring Security Core Plugin
Apache License 2.0
259 stars 222 forks source link

Create Multiple Authentication endpoints #424

Closed ferasodh closed 5 years ago

ferasodh commented 8 years ago

I have 2 separate objects (SystemUser, Customer) in my application and system user can be a customer. I would like to create a separate token end point for each object type. Currently, this is not supported by spring security core so I created a plugin for customer token endpoint. In this plugin I setup both spring security and oauth provider. I changed endpoint path as described in the docs. Here is my config:

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/customers/oauth/token':   ["isFullyAuthenticated() and request.getMethod().equals('POST')"]
]

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'Customer'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'UserRole'
grails.plugin.springsecurity.authority.className = 'Role'

grails.plugin.springsecurity.oauthProvider.tokenServices.tokenEnhancerBeanNames = ['userDetailsTokenEnhancer']
grails.plugin.springsecurity.oauthProvider.tokenServices.accessTokenValiditySeconds=60
grails.plugin.springsecurity.oauthProvider.tokenServices.refreshTokenValiditySeconds=120
grails.plugin.springsecurity.oauthProvider.defaultClientConfig.accessTokenValiditySeconds=60
grails.plugin.springsecurity.oauthProvider.defaultClientConfig.refreshTokenValiditySeconds=120

// Added by the Spring Security OAuth2 Provider plugin:
grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'Client'
grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'AuthorizationCode'
grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'AccessToken'
grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'RefreshToken'

grails.plugin.springsecurity.oauthProvider.tokenEndpointUrl='/customer/oauth/token'

and I added the following section to my application spring security section:

 '/customers/oauth/**':['permitAll'],`

Both my application and customer plugin uses a shared domain plugin. The problem is that when I requested /customer/oauth/token I get 404 error any clue how to solve this?

ddelponte commented 6 years ago

@ferasodh thank-you for submitting this issue 😄

Would you be able to attach or link to a sample app that reproduces this issue?

Thanks!

ddelponte commented 5 years ago

Marking this as Cannot Reproduce and closing.

I will be happy to reopen it if you would be so kind as to attach or link to a sample app which reproduces the problem.