Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 18 18:31
    dbaylerg commented #396
  • Sep 04 15:27

    alvarosanchez on develop

    Update README.md Merge pull request #404 from ab… (compare)

  • Sep 04 15:27
    alvarosanchez closed #404
  • Sep 04 14:53
    abrahaj opened #404
  • Aug 30 15:25
    alvarosanchez commented #402
  • Aug 30 15:24

    alvarosanchez on 2.x

    Issue #391 - Don't allow refres… Split refresh and access load m… Switch travis to openjdk8 since… and 3 more (compare)

  • Aug 30 15:24
    alvarosanchez closed #402
  • Aug 30 15:14
    alvarosanchez commented #402
  • Aug 30 14:55
    longwa synchronize #402
  • Aug 30 14:47
    longwa commented #402
  • Aug 30 14:03
    longwa commented #402
  • Aug 30 14:02
    longwa synchronize #402
  • Aug 30 11:55
    longwa commented #402
  • Aug 30 11:52
    longwa commented #403
  • Aug 30 09:22
    alvarosanchez commented #403
  • Aug 30 09:16
    alvarosanchez commented #402
  • Aug 30 09:15

    alvarosanchez on 2.x

    Attempt to fix failing tests (compare)

  • Aug 30 09:01
    alvarosanchez commented #402
  • Aug 30 08:18

    alvarosanchez on 2.x

    Publishing RestTokenCreationEve… Merge pull request #401 from lo… (compare)

Hussain Fakhruddin
@hussainanjar
For Grails 3 users are opting for spring-boot-starter-security to integrate spring security, what is the plan to integrate spring-security-rest plugin with Grails 3 ?
Álvaro Sánchez-Mariscal
@alvarosanchez
@ChaosWars I don't quite get your question. You need a token that represents another user?
@afrobeard this is a Grails plug-in. If you are not using Grails, there's no point on using it
@hussainanjar there are no plans to support Grails. My latest statement regarding that can be seen in slide 84 @ http://www.slideshare.net/alvarosanchezmariscal/stateless-authentication-for-microservices-gr8conf-2015
Lawrence Lee
@ChaosWars
@alvarosanchez yeah, a business case for our software is letting admins log in as users when users report issues via the error reporting capabilities of the application. So we need to generate a valid token for that user so that the admin can log into their account and see what if is going on is actually a bug before filing a bug report
Álvaro Sánchez-Mariscal
@alvarosanchez
you can use TokenGenerator's AccessToken generateAccessToken(UserDetails principal) method
to get the user details of another user, you can use UserDetailsService's UserDetails loadUserByUsername(String username)
the bean name of the former is tokenGenerator, and the latter is userDetailsService
Inject them in your controller/service and use them
Lawrence Lee
@ChaosWars
Thanks, I'll try that
Lawrence Lee
@ChaosWars
Awesome, that works. One last question on the issue: how is the JSON rendered in the plugin for the login endpoint?
Lawrence Lee
@ChaosWars
nm, sily question. Found it in the controller :+1:
James Kleeh
@jameskleeh
@alvarosanchez Docs added for the events
Luis Muniz
@LuisMuniz

Hi just in case someone else hits this roadblock. I was getting this error when starting up the application (grails-2.5.1) hosting spring-security-rest (1.4.0):

| Error 2014-07-22 17:47:55,824 [localhost-startStop-1] ERROR plugins.DefaultGrailsPluginManager  - Error configuring dynamic methods for plugin [springSecurityCore:2.0-RC4]: null
Message: null
    Line | Method
->>  327 | compileStaticRules        in grails.plugin.springsecurity.web.access.intercept.AnnotationFilterInvocationDefinition

When I switch to using spring-security-core-2.0-RC3 (instead of 2.0-RC4), the error does not occur. And when I switched back to RC4, the error disappeared. Some kind of caching issue, but i ran clean-all about a googol times with no results

Fairuz Wan Ismail
@wmfairuz
I'm planning to have a separate rest client (pure frontend running Angularjs app) and a restful API (using spring cloud, spring security and the gang). I have doubt right now on what grant type should I use.
I want to use password grant type since both apps are mine but someone said we shouldn't use it in the browser. Does someone know why?
Álvaro Sánchez-Mariscal
@alvarosanchez
You can use the password grant if you want to. Another option would be the implicit grant
Thought Object
@thoughtobj
Does this plugin work with Grails 3?
Ejaz Ahmed
@ejaz-ahmed
No. This plugin does not work with grails3 right now
Raj
@rajjaiswalsaumya
how Check CSRf headers is available
to*
default spring security relies on spring tag for csrf token that can be generated in jsp only. But we have one page html.
so neither spring tags nor meta tag works
so went with CSRF custom headers that im adding in my custom filters
how and where to add that filter and how to verify it as no csrf attack
Burp report sends jusername and jpassword and gets 302 response
:(
cant rely on cookie
as burp changes the cookie too
Fairuz Wan Ismail
@wmfairuz
@alvarosanchez Thanks! I end up using just password grant
Adetunji Adegbite
@twonjee2002
hi all, I am testing the login spring security rest api for my app using post man and curl but getting a 401 response with the following details. Any clue on what could be causing this.
access-control-allow-credentials →true access-control-allow-origin →chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop content-length →0 date →Wed, 18 Apr 2018 20:38:43 GMT vary →Origin
with error 401 status
i am testing via postman.
here is my application.groovy

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.teejay.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.teejay.UserAuthority'
grails.plugin.springsecurity.authority.className = 'com.teejay.Authority'
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugin.springsecurity.interceptUrlMap = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/dbconsole/**', access: ['permitAll']],
    [pattern: '/api/login',          access: ['permitAll']],
    [pattern: '/mtoken',          access: ['ROLE_USER']],
    [pattern: '/api/logout',        access: ['isFullyAuthenticated()']],
    [pattern: '/api/jtoken',    access: ['isFullyAuthenticated()']],
    [pattern: '/**',             access: ['isFullyAuthenticated()']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/api/**', filters:'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'],
  [pattern: '/**', filters:'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter']
]

grails.plugin.springsecurity.rest.token.validation.active=true
grails.plugin.springsecurity.rest.token.validation.endpointUrl='/api/validate'

grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.storage.memcached.hosts = 'localhost:11211'
grails.plugin.springsecurity.rest.token.storage.memcached.username = ''
grails.plugin.springsecurity.rest.token.storage.memcached.password = ''
grails.plugin.springsecurity.rest.token.storage.memcached.expiration = 86400
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1


//token rendering
grails.plugin.springsecurity.rest.token.rendering.usernamePropertyName='username'
grails.plugin.springsecurity.rest.token.rendering.authoritiesPropertyName='authority'
grails.plugin.springsecurity.rest.token.rendering.tokenPropertyName='token'
grails.plugin.springsecurity.rest.token.generation.useUUID=false
grails.plugin.springsecurity.rest.token.generation.useSecureRandom=true

//login
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName='password'
grails.plugin.springsecurity.rest.login.endpointUrl='/api/login'
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
Adetunji Adegbite
@twonjee2002
Hi all, please I still need help using spring-security-rest with grails 3.3.0 anyone with a working example will be highly appreciated.
jmiguel rodriguez
@jmiguelr
Hi @twonjee2002 . You'd better ask in the slack grails channel: grails.slack.com
Sufyan Shoaib
@sufyanshoaib
HI All, I have question if anyone can help. Is it possible to define custom Authentication Controller that can login and logout a user and do some other stuff after login or logout?
Also, is it possible to define some error message when authentication failed? like username not found
Ejaz Ahmed
@ejaz-ahmed
@sufyanshoaib use grails slack channel instead for such questions.
lykeosovandara
@keo_012_gitlab
can i haveone sample please
i'm still new to this
Premkumar
@apremkumar
Hi all, I am using security-rest-2.0.0.RC1
I am trying to intercept login action with grails interceptor
But I am unable to intercept /api/login call for some reason. Can anyone point me in the right direction?
public AuthenticationInterceptor() { match(uri: '/**') }
Sorry for the formatting. I'm new here. But this is what my interceptor looks like
prog20901
@prog20901

I have a groovy project and wanted to run code analysis.

When i searched for it, most of the web-site suggested to go for sonnar qube plugin for analysis

The latest sonarqube version throws error.

I would like to know the compatible version of SonarQube, Plugin for IDE with links to download.

Please advise.

Srinivas
@Sriniva63328880_twitter
Hi all