These are chat archives for alvarosanchez/spring-security-rest

22nd
Feb 2015
Siim Talvik
@simpss
Feb 22 2015 11:26

Hi, i'm having a problem getting my requests authenticated, I get a 401 every time. The credentials can be checked and a token is received. the relevant config.groovy

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.usernamePropertyName='email'
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.saas.user.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.saas.user.UserRole'
grails.plugin.springsecurity.authority.className = 'com.saas.user.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/':               ['permitAll'],
        '/index':          ['permitAll'],
        '/index.gsp':      ['permitAll'],
        '/assets/**':      ['permitAll'],
        '/**/js/**':       ['permitAll'],
        '/**/css/**':      ['permitAll'],
        '/**/images/**':   ['permitAll'],
        '/**/favicon.ico': ['permitAll']
]
grails.plugin.springsecurity.filterChain.chainMap = [
        '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter',  // Stateless chain
        '/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'                                                                          // Traditional chain
]

//spring security rest configuration
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'com.saas.user.SaasToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'tokenValue'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'email'

grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'email'
grails.plugin.springsecurity.rest.login.passwordPropertyName = 'password'

grails.plugin.springsecurity.rest.token.validation.active   = true
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.validation.endpointUrl  = '/api/validate'

request to localhost:8080/rest_api/api/validate. the token exists in the DB so that should be OK. tried it with and without 'Bearer', Tried changing the headerName configuration, nothing...
and the request header i'm using is, :

X-Auth-Token:Bearer i64fli2k08kifvf7d771uib45dsrbdfd
not really sure what's gone wrong, thought i'd drop by and ask for a bit of help
Siim Talvik
@simpss
Feb 22 2015 12:04
Looks like i got it working by using "Authorization:Bearer tokenValue", knew it was something simple :)