Lawrence Lee
@ChaosWars
ok, but that will actually encrypt the JWT right?
I'm just actually trying to keep the signing valid between runs
or is this unnecessary for that?
Álvaro Sánchez-Mariscal
@alvarosanchez
you have 2 options: signing or encrypting
signing uses an HMAC algorithm, so as long as you keep the secret constant in your configuration, it will work across executions
Lawrence Lee
@ChaosWars
ok, thanks
Álvaro Sánchez-Mariscal
@alvarosanchez
encryption can use auto-generated public/private keys (the one with the warning, which is suitable for development), or your own provided key pair (which should be used for production)
whether you use encryption or not will depend on whether the information in the claims is sensitive
Lawrence Lee
@ChaosWars
Ok, the weird thing is that you get the message about the autogenerated keys even if useEncryptedJwt is set to false. And setting your own secret doesn't make it go away
Álvaro Sánchez-Mariscal
@alvarosanchez
I still don't get the point of setting useEncryptedJwt = false and then specifying private and public keys
first of all, useEncryptedJwt = false is the default value, you don't have to set it
if you want to use signed JWTs, then all the defaults are enough. You just have to change the secret
Lawrence Lee
@ChaosWars
So I gathered. Eventually :P The standard warning message threw me off - I thought it was related. If you set the secret then the tokens do remain valid between runs, but you still see the message even though you are not using encryption, which is really confusing
Álvaro Sánchez-Mariscal
@alvarosanchez
@ChaosWars after looking more carefully at the code, I identified the confusing message you mentioned. I thought it was only printed when useEncryptedJwt = true, but I was wrong
It will be fixed in the upcoming release (1.5.2)
Regardless of the message, the useEncryptedJwt setting is respected and used
Lawrence Lee
@ChaosWars
Awesome, thanks for looking into that. The documentation is very clear in retrospect, the error message was just confusing due to the mental fugue I was in at the time after reading documentation for different plugins for hours on end :P
Krystian Podbielski
@podbielk
@alvarosanchez
Do you have plans to support Grails 3?
regards
Álvaro Sánchez-Mariscal
@alvarosanchez
Not with the current form of the plugin
It depends on spring-security-core, and that is not ready for Grails 3, nor will it be in the near future
I might do something for Spring Boot (so compatible with Grails 3 too), but not in the short term
Lawrence Lee
@ChaosWars
Is there any indication when Spring Security Core will be ready for Grails 3?
Álvaro Sánchez-Mariscal
@alvarosanchez
I do not know
Felipe Valdivia Vivar
@rekiemfaxaf
Hi Alvaro, thanks for the plugin, it works fine. I have an issue: when I log in to my app, I receive my token correctly, but when I want to call another controller, I always get the login page. I created a URL mapping for it but it's not working, I just go to the login page.
my urlmapping "/json/datosListaJson/$periodos&$listas" (controller:'DetalleLista', action:'datosListaJson')
When I call it logged in on my app it works, but when I go through the API, it takes me to the login. Hope you can help me
Felipe Valdivia Vivar
@rekiemfaxaf
I'm already done! I forgot to create the class AuthenticationToken in my domains :p, that was all, and thanks again for the plugin, works great!
findingjimoh
@findingjimoh
hey guys, i really love the plugin. used it locally and it was working perfectly, but when i deploy it to my server it has a problem finding the springSecurityFilterChain bean. i posted on stack, but haven't gotten an answer yet. would appreciate any help http://stackoverflow.com/questions/30948654/no-bean-named-springsecurityfilterchain-is-defined
Álvaro Sánchez-Mariscal
@alvarosanchez
@findingjimoh the link is broken
Lawrence Lee
@ChaosWars
Is it possible to add a TokenReader without replacing the default behavior of the plugin?
I want to read the JWT from a GET parameter for one particular URI. It's a bit funky, but I'm dealing with a legacy system
Álvaro Sánchez-Mariscal
@alvarosanchez
you can subclass BearerTokenReader, and in your implementation, if it is the URI you want, read it from a GET parameter, else call super.findToken()
Lawrence Lee
@ChaosWars
hehe, that's exactly what I did
thanks for the confirmation
Álvaro Sánchez-Mariscal
@alvarosanchez
:+1:
Lawrence Lee
@ChaosWars
Whoops, found a crash in the plugin. Where can I report it?
Álvaro Sánchez-Mariscal
@alvarosanchez
Lawrence Lee
@ChaosWars
:+1:
Ejaz Ahmed
@ejaz-ahmed
Hey guys, I am trying @Álvaro's greach2014 repo to get know-how of the plugin. I am able to generate an authentication token using this
curl -i -H "Content-Type: application/json" -d '{"username":"jimi","password":"jimispassword"}' http://localhost:8080/restful-grails-springsecurity-greach2014/api/login -H "Accept: application/json"
When I send a GET request with the token as X-Auth-Token header using cURL, I am redirected to the login page again
I am using Alvaro's repo as is without any change
Here is my cURL command and its response
curl -X GET -i -H "X-Auth-Token: 1eprcpl6u88thjd98ct7016lh4409cuS" -H "Accept: application/json" http://localhost:8080/restful-grails-springsecurity-greach2014/categories
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9241EBF1B3DD4A070A751E35031AF641; Path=/restful-grails-springsecurity-greach2014/; HttpOnly
Location: http://localhost:8080/restful-grails-springsecurity-greach2014/login/auth
Content-Length: 0
Date: Tue, 07 Jul 2015 05:43:38 GMT
Lawrence Lee
@ChaosWars
You need to send it as a header
"Authorization: Bearer <token>"
Not as X-Auth-Token
curl -X GET -i -H "Authorization: Bearer 1eprcpl6u88thjd98ct7016lh4409cuS" -H "Accept: application/json" http://localhost:8080/restful-grails-springsecurity-greach2014/categories
Ejaz Ahmed
@ejaz-ahmed
Thanks @ChaosWars for your response. I have tried this too. It results in exceptions as below
 curl -X GET -i -H "Authorization:Bearer pi86f2qboar5so0h10h0sjod56bl57re" -H "Accept: application/json"  http://localhost:8080/restful-grails-springsecurity-greach2014/categories
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 4472
Date: Wed, 08 Jul 2015 05:22:01 GMT
Connection: close

<html><head><title>Apache Tomcat/7.0.52 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - Timeout waiting for value</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>Timeout waiting for value</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>net.spy.memcached.OperationTimeoutException: Timeout waiting for value
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1179)
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1196)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.findExistingUserDetails(MemcachedTokenStorageService.groovy:64)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.loadUserByToken(MemcachedTokenStorageService.groovy:37)
    grails.plugin.springsecurity.rest.RestAuthenticationProvider.authenticate(RestAuthenticationProvider.groovy:55)
    grails.plugin.springsecurity.rest.RestTokenValidationFilter.doFilter(RestTokenValidationFilter.groovy:75)
    grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:139)
    grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:53)
    grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
    grails.plugin.springsecurity.rest.RestLogoutFilter.doFilter(RestLogoutFilter.groovy:80)
    com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    java.lang.Thread.run(Thread.java:745)
</pre></p><p><b>root cause</b> <pre>net.spy.memcached.internal.CheckedOperationTimeoutException: Timed out waiting for operation - failing node: localhost/127.0.0.1:11211
    net.spy.memcached.internal.OperationFuture.get(OperationFuture.java:167)
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1168)
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1196)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.findExistingUserDetails(MemcachedTokenStorageService.groovy:64)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.loadUserByToken(MemcachedTokenStorageService.groovy:37)
    grails.plugin.springsecurity.rest.RestAuthenticationProvider.authenticate(RestAuthenticationProvider.groovy:55)
    grails.plugin.springsecurity.rest.RestTokenValidationFilter.doFilter(RestTokenValidationFilter.groovy:75)
    grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:139)
    grails.plugin.springsecurity.web.
Ejaz Ahmed
@ejaz-ahmed
From this exception, it looked like memcached has some storage issues. I changed the token storage to grails cache but am still facing the same exception