insufficient_scope 使用 Grails spring security rest 插件时出错
insufficient_scope error using Grails spring security rest plugin
我有一个使用 spring 安全性的标准 grails 网络应用程序,我想使用 spring-security-rest 插件( 1.5.1 版)。一切似乎都设置正确,但我提出的任何请求都会返回 403 错误,说 "insufficient_scope." 在任何文档中都没有关于此的内容,所以我希望有人能提供帮助。这是我使用 Grails 2.4.4 的设置:
config.groovy:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
grails.plugin.springsecurity.ui.register.defaultRoleNames = ['ROLE_USER']
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.luncho.UserLuncho'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.luncho.UserLunchoRole'
grails.plugin.springsecurity.authority.className = 'com.luncho.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['ROLE_USER'],
'/user/create': ['ROLE_ADMIN'],
'/register/*': ['permitAll'],
'/login/*': ['permitAll'],
'/logout/*': ['permitAll'],
'/index.gsp': ['permitAll'],
'/plugins/**': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/restaurant/**': ['ROLE_USER']
]
我可以很好地进行身份验证,而且我确实取回了不记名令牌。但是,下面的 curl 命令(使用真实令牌代替 "my_token")总是发回 insufficient_scope 错误:
curl -i http://localhost:8080/lunchoweb/api/restaurant -H "Authorization: Bearer my_token"
还值得注意的是,控制器方法包含在一个名为 RestaurantAPIController 的独立控制器中。现在很简单:
class RestaurantAPIController {
def getAllRestaurants() {
render Restaurant.findAll() as JSON
}
}
与 URL 映射:
// REST end points
"/api/restaurant" {
controller="restaurantAPI"
action = "getAllRestaurants"
}
什么给了?
此处没有对“/api/**”范围的引用。
'/restaurant/**': ['ROLE_USER']
应该是
'/api/restaurant/**': ['ROLE_USER']
我有一个使用 spring 安全性的标准 grails 网络应用程序,我想使用 spring-security-rest 插件( 1.5.1 版)。一切似乎都设置正确,但我提出的任何请求都会返回 403 错误,说 "insufficient_scope." 在任何文档中都没有关于此的内容,所以我希望有人能提供帮助。这是我使用 Grails 2.4.4 的设置:
config.groovy:
grails.plugin.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter', // Stateless chain
'/**': 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter' // Traditional chain
]
grails.plugin.springsecurity.ui.register.defaultRoleNames = ['ROLE_USER']
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.luncho.UserLuncho'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.luncho.UserLunchoRole'
grails.plugin.springsecurity.authority.className = 'com.luncho.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['ROLE_USER'],
'/user/create': ['ROLE_ADMIN'],
'/register/*': ['permitAll'],
'/login/*': ['permitAll'],
'/logout/*': ['permitAll'],
'/index.gsp': ['permitAll'],
'/plugins/**': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll'],
'/restaurant/**': ['ROLE_USER']
]
我可以很好地进行身份验证,而且我确实取回了不记名令牌。但是,下面的 curl 命令(使用真实令牌代替 "my_token")总是发回 insufficient_scope 错误:
curl -i http://localhost:8080/lunchoweb/api/restaurant -H "Authorization: Bearer my_token"
还值得注意的是,控制器方法包含在一个名为 RestaurantAPIController 的独立控制器中。现在很简单:
class RestaurantAPIController {
def getAllRestaurants() {
render Restaurant.findAll() as JSON
}
}
与 URL 映射:
// REST end points
"/api/restaurant" {
controller="restaurantAPI"
action = "getAllRestaurants"
}
什么给了?
此处没有对“/api/**”范围的引用。
'/restaurant/**': ['ROLE_USER']
应该是
'/api/restaurant/**': ['ROLE_USER']