Closed shnatyk closed 8 years ago
This is really an issue with how you have spring security configured. See http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/requestMappings.html
Did you try setting spring security filterChain?
This is an excerpt from a raw app of mines. It works well with springsecurity and jaxrs
//spring security configuration
grails.plugins.springsecurity.providerNames = [
'wsAuthenticationProvider'
]
grails.plugins.springsecurity.rejectIfNoRule = false
grails.plugins.springsecurity.controllerAnnotations.staticRules = [
'/dbUtil/**': ['ROLE_ADMIN'],
'/monitoring/**': ['ROLE_ADMIN'],
'/monitoring': ['ROLE_ADMIN'],
'/adminManage/**': ['ROLE_ADMIN'],
'/setting/**': ['ROLE_ADMIN'],
'/*': ['ROLE_USER'],
'/main/**': ['ROLE_USER'],
'/api/**': ['ROLE_USER'],
'/jaxrs/**': ['ROLE_USER'],
'/gwt/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/error': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
'/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY']
]
grails.plugins.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-jaxrsFilter',
'/**': 'JOINED_FILTERS'
]
Hi, thank you very much for suggestons. Sorry for such a late reply, being a bit busy recently.
I have looked into the documentation from the link and tried to find some solutions there, ideas were similar as those one which I found before, still no success.
@davidecavestro tried your piece of code but now when accessing "api" url got this error code: "Error 500: Internal Server Error URI: /MeetMe/api Class: java.lang.IllegalArgumentException Message: Secure object invocation FilterInvocation: URL: /api was denied as public invocations are not allowed via this interceptor. This indicates a configuration error because the rejectPublicInvocations property is set to 'true' ... Around line 53 of GrailsAnonymousAuthenticationFilter.java ... Around line 49 of RequestHolderAuthenticationFilter.java ... Around line 82 of MutableLogoutFilter.java ... Around line 46 of JaxrsFilter.java ..."
It seems like all the time it completely ignores static rules. Maybe I mess too much in spring security plugin configuration when learning it and following some tutorials...
I get reply on some other website with information that there is some fresh plugin which may solve the issue.
Here the link: http://grails.org/plugin/spring-security-rest
But I have problem with installation of this plugin... after I put "compile..." command in BuildConfig and then refresh dependecies I got this message: "| Error Failed to resolve dependencies (Set log level to 'warn' in BuildConfig.groovy for more information): - org.pac4j:pac4j-oauth:1.5.0-SNAPSHOT"
Can anyone check if has the same problem?
Sorry, at the moment I have no way to give it a check, but maybe you simply need an additional maven repo such as
https://oss.sonatype.org/content/repositories/snapshots
within the repositories closure of your BuildConfig.groovy, as per https://github.com/leleuj/pac4j#maven-dependencies
2014/1/18 shnatyk notifications@github.com
I get reply on some other website with information that there is some fresh plugin which may solve the issue.
Here the link: http://grails.org/plugin/spring-security-rest
But I have problem with installation of this plugin... after I put "compile..." command in BuildConfig and then refresh dependecies I got this message: "| Error Failed to resolve dependencies (Set log level to 'warn' in BuildConfig.groovy for more information): - org.pac4j:pac4j-oauth:1.5.0-SNAPSHOT"
Can anyone check if has the same problem?
— Reply to this email directly or view it on GitHubhttps://github.com/krasserm/grails-jaxrs/issues/40#issuecomment-32671583 .
Sorry, at the moment I have no way to give it a check, but maybe you simply need some additional maven repo such as
https://oss.sonatype.org/content/repositories/snapshots
within the repositories closure of your BuildConfig.groovy, as per https://github.com/leleuj/pac4j#maven-dependencies
2014/1/18 shnatyk notifications@github.com
I get reply on some other website with information that there is some fresh plugin which may solve the issue.
Here the link: http://grails.org/plugin/spring-security-rest
But I have problem with installation of this plugin... after I put "compile..." command in BuildConfig and then refresh dependecies I got this message: "| Error Failed to resolve dependencies (Set log level to 'warn' in BuildConfig.groovy for more information): - org.pac4j:pac4j-oauth:1.5.0-SNAPSHOT"
Can anyone check if has the same problem?
— Reply to this email directly or view it on GitHubhttps://github.com/krasserm/grails-jaxrs/issues/40#issuecomment-32671583 .
@shnatyk You could try this: https://github.com/budjb/grails-jaxrs-security
Did you succeed in using one of the plugins dedicated to security?
Unfortunately I didn't.. I dropped it and I did standalone Java REST web service connected to the same database on the server as Grails app.
Can i use annotations to secure my resources or have I to use UrlMappings for that?
@erickmelo did you try this plugin? https://github.com/budjb/grails-jaxrs-security
The documentation is off-line (broken link): Error 404 (http://budjb.github.io/grails-spring-security-jaxrs/doc/manual/index.html)
@erickmelo yeah I dont think the docs are done yet, but I can help you get it working. We have been using that plugin for about a year now. It works really well.
Docs are up now. Great thing about the plugin is it doesn't require any configuration :) It does require jaxrs 0.11 and spring security rc4, however.
This issue was moved to budjb/grails-jaxrs#9
Is this issue was solved? I'm having the same issue. I think this is a configuration issue. Could you please assist me?
Hi,
I am beginner with Grails and struggling some problem with combining REST api and Spring Security for my web application (grails version: 2.2.4).
Before creating API I created registration and authentication system and all works fine. About REST, till now I have tried two ways, one according to documentation (http://www.grails.org/doc/2.2.x/guide/webServices.html), second by using JAX-RS plugin. In both ways I go thorugh all needed steps without problems till I try to test if any api's URL works, I always got this message in browser: "Sorry, you are not authorized to view this page", even if I am logged in as the admin (ROLE_ADMIN).
I tried to add some static rule or intercepturlmap to config.groovy file but nothing have helped.
Please help me, give any clues, suggestions, every reply very appreciated!
Seb