sbrady
@sbrady
I am getting "Caused by InvalidMimeTypeException: Invalid mime type "null": 'mimeType' must not be empty". I am using spring-security-core:2.0-RC4 and spring-security-rest:1.4.0. I can see there were some pull requests around this. Has it been solved yet?
Álvaro Sánchez-Mariscal
@alvarosanchez
@sbrady see #116
sbrady
@sbrady
great thanks
ferasodh
@ferasodh
Hi alvarosanchez
Can I use spring-security-rest as a replacement of Oauth?
ferasodh
@ferasodh
My app has a server-side part and a JavaScript client side where I found that your plugin fits. But I want to be able to authenticate other clients who want to consume my service. Does your plugin support this? Or do you suggest using another approach?
Aaron Eischeid
@aeischeid
having this in my url mappings:
name api1: "/api/$controller" {
    action = [GET: "list", POST: "save"]
    format = "json"
}
might be causing my issue, but I'm not sure what to put in there instead to handle the default login, logout, and verify paths
as it is I am getting a hard to understand infinite loop when I try to login.
any thoughts?
Aaron Eischeid
@aeischeid
hmmm, changed grails.plugin.springsecurity.rest.login.endpointUrl = '/api/gettoken' to avoid the loginController I had in place from springSecurityUI, now the error happens at api/gettoken and api/login works as it did before. but still not sure how to get this token plugin working.
a bit from the stacktrace that seemed relevant:
javax.servlet.ServletException: Servlet execution threw an exception
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at com.odobo.grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:108)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at com.odobo.grails.plugin.springsecurity.rest.RestLogoutFilter.doFilter(RestLogoutFilter.groovy:63)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
I am trying to track this down through the source, but so far not figuring much out
Aaron Eischeid
@aeischeid
okay, think I figured this out. didn't have my full package path for the GORM domain class. only had the domainClass name. AuthToken instead of com.my.path.AuthToken
Álvaro Sánchez-Mariscal
@alvarosanchez
@ferasodh I have replied to you in SO
Sebastian Ortiz
@neoecos
@alvarosanchez what do you think about the pull request I made?
ferasodh
@ferasodh
@alvarosanchez What about access token expiration? It seems like it doesn't expire. Isn't this a security threat as most users didn't log out? Is there a way to have a refresh token?
Álvaro Sánchez-Mariscal
@alvarosanchez
@ferasodh tokens do expire when using Memcached. If you're using GORM, you'll have to handle token expiration by yourself via Quartz jobs or similar
@neoecos I have to look deeply at them. Thank you for contributing anyway!
ferasodh
@ferasodh
@alvarosanchez If using Memcached, is there a way to refresh the token?
Álvaro Sánchez-Mariscal
@alvarosanchez
In Memcached they will expire automatically after the configured timeout (1h by default)
They get refreshed on every access
ferasodh
@ferasodh
Thanks alvarosanchez.
I have a question about delegating authentication to OAuth providers. In case of successful authentication in Facebook or Twitter, does user information get logged in the database or is it just kept at the application level?
I mean I want a way to have that personal information of users logged through Facebook or Twitter in the database. How can I do that?
Álvaro Sánchez-Mariscal
@alvarosanchez
@ferasodh the details don't get logged
If you want to do that, you need to override OauthController with your own implementation
ferasodh
@ferasodh
Thanks alvaro
I got 400 bad request when I tried to access api/login
do you have any idea how to solve this?
I put the following properties in config
grails.plugin.springsecurity.rest.token.validation.enableAnonymousAccess = true
grails.plugin.springsecurity.rest.login.active = true
grails.plugin.springsecurity.rest.login.endpointUrl = '/api/login'
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
Álvaro Sánchez-Mariscal
@alvarosanchez
@ferasodh a bad request implies something missing in the request. How are you making it?
Aaron Eischeid
@aeischeid
seems like you're experiencing similar to #137
the bearerTokenReader probably should never be gotten to in the case of an anonymousAccess url. but if it is reached it will give a 400 if a token is not included in either the header or body or if the content type is not 'application/x-www-form-urlencoded'. The comments say it should also look in the query string but I don't think it actually does that. (see #130)
nikuelias
@nikuelias
Hi Alvaro, thanks for answering me on Twitter. I wanted to know whether it is possible that, when there is a login (both successful and failed), in addition to returning a 200 or 401, it can send a JSON with a format like {"status":"Error","message":"User and password not found"}. How could I do that? Thank you very much
Álvaro Sánchez-Mariscal
@alvarosanchez
@nikuelias you have to implement your own version of org.springframework.security.web.authentication.AuthenticationFailureHandler, and register it in resources.groovy as restAuthenticationFailureHandler
sbrady
@sbrady
Hi All, I am attempting to run the test-app.sh, I keep getting:
| Error Compilation error compiling [unit] tests: (class: com/odobo/grails/plugin/springsecurity/rest/RestAuthenticationToken, method: super$1$implies signature: (Ljavax/security/auth/Subject;)Z) Illegal use of nonvirtual function call (Use --stacktrace to see the full trace)
I am using Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
maybe it's a Groovy version issue?
sbrady
@sbrady
never mind, grails clean seemed to fix it
sbrady
@sbrady
Hey @alvarosanchez , thanks for the release
I have a question/suggestion re rfc6750, I think when a user makes a request to a secured url without any token, it should respond with a 401 (https://tools.ietf.org/html/rfc6750#section-3.1)
I'd expect to get a 403, when I have an authenticated token but my access scope is forbidden
prdonahue
@prdonahue
anyone here having trouble implementing the anonymous example in the docs?
i just wrote a (pretty meaty) explanation here: alvarosanchez/grails-spring-security-rest#122