Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
James Kleeh
@jameskleeh
@alvarosanchez Docs added for the events
Luis Muniz
@LuisMuniz

Hi just in case someone else hits this roadblock. I was getting this error when starting up the application (grails-2.5.1) hosting spring-security-rest (1.4.0):

| Error 2014-07-22 17:47:55,824 [localhost-startStop-1] ERROR plugins.DefaultGrailsPluginManager  - Error configuring dynamic methods for plugin [springSecurityCore:2.0-RC4]: null
Message: null
    Line | Method
->>  327 | compileStaticRules        in grails.plugin.springsecurity.web.access.intercept.AnnotationFilterInvocationDefinition

When I switch to using spring-security-core-2.0-RC3 (instead of 2.0-RC4), the error does not occur. And when I switched back to RC4, the error disappeared. Some kind of caching issue, but i ran clean-all about a googol times with no results

Fairuz Wan Ismail
@wmfairuz
I'm planning to have a separate rest client (pure frontend running Angularjs app) and a restful API (using spring cloud, spring security and the gang). I have doubt right now on what grant type should I use.
I want to use password grant type since both apps are mine but someone said we shouldn't use it in the browser. Does someone know why?
Álvaro Sánchez-Mariscal
@alvarosanchez
You can use the password grant if you want to. Another option would be the implicit grant
Thought Object
@thoughtobj
Does this plugin work with Grails 3?
Ejaz Ahmed
@ejaz-ahmed
No. This plugin does not work with grails3 right now
Raj
@rajjaiswalsaumya
how Check CSRf headers is available
to*
default spring security relies on spring tag for csrf token that can be generated in jsp only. But we have one page html.
so neither spring tags nor meta tag works
so went with CSRF custom headers that im adding in my custom filters
how and where to add that filter and how to verify it as no csrf attack
Burp report sends jusername and jpassword and gets 302 response
:(
cant rely on cookie
as burp changes the cookie too
Fairuz Wan Ismail
@wmfairuz
@alvarosanchez Thanks! I end up using just password grant
Adetunji Adegbite
@twonjee2002
hi all, I am testing the login spring security rest api for my app using post man and curl but getting a 401 response with the following details. Any clue on what could be causing this.
access-control-allow-credentials →true access-control-allow-origin →chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop content-length →0 date →Wed, 18 Apr 2018 20:38:43 GMT vary →Origin
with error 401 status
i am testing via postman.
here is my application.groovy

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.teejay.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.teejay.UserAuthority'
grails.plugin.springsecurity.authority.className = 'com.teejay.Authority'
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugin.springsecurity.interceptUrlMap = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    [pattern: '/dbconsole/**', access: ['permitAll']],
    [pattern: '/api/login',          access: ['permitAll']],
    [pattern: '/mtoken',          access: ['ROLE_USER']],
    [pattern: '/api/logout',        access: ['isFullyAuthenticated()']],
    [pattern: '/api/jtoken',    access: ['isFullyAuthenticated()']],
    [pattern: '/**',             access: ['isFullyAuthenticated()']]
]

grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/api/**', filters:'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'],
  [pattern: '/**', filters:'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter']
]

grails.plugin.springsecurity.rest.token.validation.active=true
grails.plugin.springsecurity.rest.token.validation.endpointUrl='/api/validate'

grails.plugin.springsecurity.rest.logout.endpointUrl = '/api/logout'
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token'
grails.plugin.springsecurity.rest.token.storage.memcached.hosts = 'localhost:11211'
grails.plugin.springsecurity.rest.token.storage.memcached.username = ''
grails.plugin.springsecurity.rest.token.storage.memcached.password = ''
grails.plugin.springsecurity.rest.token.storage.memcached.expiration = 86400
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1


//token rendering
grails.plugin.springsecurity.rest.token.rendering.usernamePropertyName='username'
grails.plugin.springsecurity.rest.token.rendering.authoritiesPropertyName='authority'
grails.plugin.springsecurity.rest.token.rendering.tokenPropertyName='token'
grails.plugin.springsecurity.rest.token.generation.useUUID=false
grails.plugin.springsecurity.rest.token.generation.useSecureRandom=true

//login
grails.plugin.springsecurity.rest.login.active=true
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
grails.plugin.springsecurity.rest.login.usernamePropertyName = 'username'
grails.plugin.springsecurity.rest.login.passwordPropertyName='password'
grails.plugin.springsecurity.rest.login.endpointUrl='/api/login'
grails.plugin.springsecurity.rest.login.useRequestParamsCredentials = false
Adetunji Adegbite
@twonjee2002
Hi all, please I still need help using spring-security-rest with grails 3.3.0 anyone with a working example will be highly appreciated.
jmiguel rodriguez
@jmiguelr
Hi @twonjee2002 . You'd better ask in the slack grails channel: grails.slack.com
Sufyan Shoaib
@sufyanshoaib
HI All, I have question if anyone can help. Is it possible to define custom Authentication Controller that can login and logout a user and do some other stuff after login or logout?
Also, is it possible to define some error message when authentication failed? like username not found
Ejaz Ahmed
@ejaz-ahmed
@sufyanshoaib use grails slack channel instead for such questions.
lykeosovandara
@keo_012_gitlab
can i haveone sample please
i'm still new to this
Premkumar
@apremkumar
Hi all, I am using security-rest-2.0.0.RC1
I am trying to intercept login action with grails interceptor
But I am unable to intercept /api/login call for some reason. Can anyone point me in the right direction?
public AuthenticationInterceptor() { match(uri: '/**') }
Sorry for the formatting. I'm new here. But this is what my interceptor looks like
prog20901
@prog20901

I have a groovy project and wanted to run code analysis.

When i searched for it, most of the web-site suggested to go for sonnar qube plugin for analysis

The latest sonarqube version throws error.

I would like to know the compatible version of SonarQube, Plugin for IDE with links to download.

Please advise.

Srinivas
@Sriniva63328880_twitter
Hi all