Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Álvaro Sánchez-Mariscal
@alvarosanchez
I don't fully understand your question
Sufyan Shoaib
@sufyanshoaib
Hi.. is it possible to do a manually login? I am actually trying to register a user, and on success, i would like to login that user and return a valid token.
Álvaro Sánchez-Mariscal
@alvarosanchez
manually from where?
from the command line?
Sufyan Shoaib
@sufyanshoaib
from controller, a request for registration is made, and on success i need to login that user... so this will be performed in controller's action.
Sufyan Shoaib
@sufyanshoaib
Also, Is there any method or class that i can use to get the current logged user token?
Álvaro Sánchez-Mariscal
@alvarosanchez
you can use springSecurityService.reauthenticate(username)
Álvaro Sánchez-Mariscal
@alvarosanchez
as for the current token, you can take a look at springSecurityService.principal
Sufyan Shoaib
@sufyanshoaib
ok great.. i will check this and will get back .. thanks.
rod3go
@rod3go

Hi. I am trying to use the plugin. I've configured it to use Grails cache and I've provided the proper configuration. Also I pasted the filterChain code from the documentation. However, whenever I try to access a restricted controller, it redirects me to login page (html), also whenever I try to login to the authentication endpoint I get a 401 status code.

Is there any configuration I am missing?

Sufyan Shoaib
@sufyanshoaib
@alvarosanchez reauthenticate() method login the user ... but it doesnt create access token in authentication_token table... So i am not able to get the token :( ... If i see some code, RestAuthenticationFilter is doing that.. but in my case, i need to authenticate and get the access token from within my action method ..
rod3go
@rod3go
Please disregard my last message. I am not sure what I did wrong. But I started over and everything worked just fine. :)
Le Pogam Brivael
@briva
Hello.
I'm currently trying to setup memcache with sprint security rest and grails.
gabrielmds
@gabrielmds
Hello Alvaro, I am using spring-security-rest to authenticate users in a REST API and I had to let the client know if the account was locked ou expired. I added some code to BearerTokenAuthenticationFailureHandler to add de proper header messages.Is that recommended? Thank you
MadhuAithal
@MadhuAithal
Hello Alvaro, I wanted to know if I can use spring-security-rest 1.4 with grails 2.1.1 and spring-security-core 1.2.7. If that is not possible what version of spring-security-rest would you recommend and what functionality would I miss?
Álvaro Sánchez-Mariscal
@alvarosanchez
sorry guys, I was on vacation :)
I replied to the stackoverflow question I've seen so far
@gabrielmds yes, that is fine
@MadhuAithal it's not possible. SS core 1.x and 2.x have API changes that will make the REST plugin to not compile at all. I'm afraid you'll have to upgrade to spring-security-core 2.x
Minhaj
@minhajkk
Hi @alvarosanchez My Validation Endpoint is not working? I dont find any example using Validation Endpoint just to validate the token.
Álvaro Sánchez-Mariscal
@alvarosanchez
@minhajkk what is not working? What is your application base URL? How are you making the request?
sbrady
@sbrady
I am getting "Caused by InvalidMimeTypeException: Invalid mime type "null": 'mimeType' must not be empty" I am using ,spring-security-core:2.0-RC4,spring-security-rest:1.4.0. I can see there were some pull requests around this. has it been solved yet?
Álvaro Sánchez-Mariscal
@alvarosanchez
@sbrady see #116
sbrady
@sbrady
great thanks
ferasodh
@ferasodh
Hi alvarosanchez
Can I use spring-security-rest as a replacement of Oauth?
ferasodh
@ferasodh
My app has server side part and java script client side where I found that your plugin fits. But I want to be able to authenticate other clients who want to consume my service. Does your plugin support this? or do you suggest using another approach?
Aaron Eischeid
@aeischeid
having this in my url mappings :
name api1: "/api/$controller"{
action = [GET: "list", POST: "save"]
format = "json"
}
might be causing my issue, but I not sure what to put in there instead to handle the default login, logout and, verify paths
as it is I am getting a hard to understand infinite loop when I try to login.
any thoughts?
Aaron Eischeid
@aeischeid
hmmm, changed grails.plugin.springsecurity.rest.login.endpointUrl = '/api/gettoken' to avoid the loginController I had in place from springSecurityUI, now the error happens at api/gettoken and api/login works as it did bfore. but still not sure how to get this token plugin working.
a bit from the stacktrace that seemed relevant:
javax.servlet.ServletException: Servlet execution threw an exception
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:108)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at com.odobo.grails.plugin.springsecurity.rest.RestLogoutFilter.doFilter(RestLogoutFilter.groovy:63)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
I am trying to track this down through the source, but so far not figuring much out
Aaron Eischeid
@aeischeid
okay, think I figured this out. didn't have my full package path for the GORM domain class. only had the domainClass name. AuthToken instead of com.my.path.AuthToken
Álvaro Sánchez-Mariscal
@alvarosanchez
@ferasodh I have replied to you in SO
Sebastian Ortiz
@neoecos
@alvarosanchez what you think about the pull request i made ?
ferasodh
@ferasodh
This message was deleted
This message was deleted
@alvarosanchez What about access token expiration? It seems like it doesn't expire. Isn't this a security threat as most users didn't log out? Is there a way to have refresh token?
Álvaro Sánchez-Mariscal
@alvarosanchez
@ferasodh tokens do expire when using Memcached. If you're using GORM, you'll have to handle token expiration by yourself via Quartz jobs or similar
@neoecos I have to look deeply at them. Thank you for contributing anyway!
ferasodh
@ferasodh
@alvarosanchez If using Memcached is their a way to refresh token?
Álvaro Sánchez-Mariscal
@alvarosanchez
In Memcached they will expire automatically after the configured timeout (1h by default)
They get refreshed on every access
ferasodh
@ferasodh
Thanks alvarosanchez.