recruz79 / swaggy-hidden

Gradle extension to hide unwanted fields for Swagger plugin

Swing Security #1

Open cnuland opened 7 years ago

cnuland commented 7 years ago

Tried to follow the same security settings that you have for swing security, but I get a 403 when I go to the API URI. If I disable the swing security then it works fine, but I'd like the swing security to be login based and the public API to be token based like in your example. Here's what I have in my application.groovy for my Spring Security settings; I was wondering if you had any input on what the issue might be. Thanks for any input you can give!

edit: I'm also using Grails 3.2 with the REST controller option, if that helps any!

grails.plugin.springsecurity.userLookup.userDomainClassName = 'cyberinform.LoginUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'cyberinform.UserRole'
grails.plugin.springsecurity.authority.className = 'cyberinform.Role'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'cyberinform.AuthenticationToken'

grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rest.login.useJsonCredentials=true
grails.plugin.springsecurity.rest.login.usernamePropertyName='username'
grails.plugin.springsecurity.rest.login.passwordPropertyName='password'

grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/blueapi'
grails.plugins.springsecurity.successHandler.alwaysUseDefault = true

grails.databinding.dateFormats = ['yyyy-MM-dd HH:mm:ss.S', 'yyyy-MM-dd']
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/**',             access: ['isFullyAuthenticated()']],
    [pattern: '/blueapi/**',     access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    // Stateless chain
    [
        pattern: '/blueapi/**',
        filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
    ],
    [
        pattern: '/**',
        filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ]
]

matiasgraziani commented 7 years ago

Hi cnuland. First, we are using Spring Security; I don't know if you have a different configuration with Swing Security. Second, you are setting the API login on /api/login, but you are not allowing access to it in the staticRules; maybe if you add it there, it will work. Hope it helps,

Matias
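
The check suggested in the reply above, as an added example that is not part of the original thread or of the plugin's code: a Python script that lists which of the posted staticRules patterns match a given path. The Ant-style matcher is a simplified one written for this example, and the script makes no claim about how the plugin chooses between several matching rules.

```python
import re

# staticRules copied from the configuration posted in the issue (pattern, access).
STATIC_RULES = [
    ("/**", "isFullyAuthenticated()"),
    ("/blueapi/**", "permitAll"),
    ("/error", "permitAll"),
    ("/index", "permitAll"),
    ("/index.gsp", "permitAll"),
    ("/shutdown", "permitAll"),
    ("/assets/**", "permitAll"),
    ("/**/js/**", "permitAll"),
    ("/**/css/**", "permitAll"),
    ("/**/images/**", "permitAll"),
    ("/**/favicon.ico", "permitAll"),
]

def _segment_regex(seg):
    # Within one path segment: '*' matches any run of characters, '?' exactly one.
    out = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in seg)
    return re.compile(out + r"\Z")

def ant_match(pattern, path):
    """Simplified Ant-style match (an assumption of this example, not the plugin's matcher)."""
    pat = [s for s in pattern.split("/") if s]
    segs = [s for s in path.split("/") if s]

    def walk(i, j):
        if i == len(pat):
            return j == len(segs)
        if pat[i] == "**":  # '**' spans zero or more whole segments
            return any(walk(i + 1, k) for k in range(j, len(segs) + 1))
        return j < len(segs) and bool(_segment_regex(pat[i]).match(segs[j])) and walk(i + 1, j + 1)

    return walk(0, 0)

def matching_rules(path, rules=STATIC_RULES):
    """Return every (pattern, access) rule whose pattern matches the path."""
    return [(p, a) for p, a in rules if ant_match(p, path)]

def has_permit_all(path, rules=STATIC_RULES):
    return any(a == "permitAll" for _, a in matching_rules(path, rules))

if __name__ == "__main__":
    for path in ("/api/login", "/blueapi/items", "/assets/app.js"):
        print(path, matching_rules(path), "permitAll rule:", has_permit_all(path))
```

For the posted rules, `/api/login` is matched only by the `/**` rule that requires full authentication, while `/blueapi/**` paths also match a `permitAll` rule.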