1. 首頁
  2. 問答
  3. grails spring rest插件insufficient_scope

grails spring rest插件insufficient_scope

2016-03-12 43 views
2

我試圖配置這個插件沒有成功。 /api/login返回令牌。它超過32個字符。grails spring rest插件insufficient_scope

authResponse:[username:root, roles:[RADIO_ADMIN], expires_in:3600, token_type:Bearer, access_token:eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NTc4MTg0MjAsInN1YiI6InJvb3QiLCJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTc1U0YlFSQ2RNMFlnV1NJUUtaRW9vSUYwMFZraXBTc0RBWUVPRThWeFE2UkU2N3Zoc3JDM2UrenVnZDBnVjFCUWdDQklrZmdGXC9nU2FmRUNVRkdtcGFaazlNR2ZTb0d5MU5cL1B1dlRkdjl2SUdobzJHZDdGbVhCZ1wvRlZuTXBXOVN6V1ZzTU13MHQxMFwvTTZnanREbGlPUWUycUFMM3h5dUJGMENKUnhaZUJsdHNsMVVGazNGMXZiMkZvYTExTk13cEhUOHdibXFXNEo3UzJcLzRqZDZnMFBoRW9xTDJURW94c3dBUUxRNVZKMjFEeWZTZmxHcU1OR0M5cWdRcTNYZWxWU0IyVWxqTmhCcUVqS0ZsYllCUkFoV1gybXlKVmpzYkNpM3V6bWVXaTJrUmJDMkEwWmNhUXUzOG1hVnBuM2ZXZFRVa1Q3TUErbER1cFI0ZXllK09ndnVQeEY1UVFORFZYMHN5MlpLSWl2c21kT1BIM3BrNVwvSGxcLzBXaVVBeXVUdDhcLzhVOWNsNTZGMTl1WjNPZ1wvWkNDNjhIckJld1dpY2xOeE1GOHllTlR2blhqdzluNXplSG40ZEkyU0dXXC9uOGZzXC9XSDVMb0xLa21aWmxZTjdJaG85OHJ1VHVUeno1UDN0OUQxbXp4SkJkS0xraGFqUjRtQ21NWXRheVg2ZVZ1b2ZLd3ZycXhcL3JTK3VyVFRjTjNXVkpkV3hmR2kzTFQ5UXRLdWp2eWZYeHpPXC9pV0VWaG5lWnlKQXlIeTlBalN4cG96NjRQSitxZlA5emxFXC9RZjgxM01OWjJpaEVEQUFBPSIsInJvbGVzIjpbIlJBRElPX0FETUlOIl0sImlhdCI6MTQ1NzgxNDgyMH0.LrsAlhZ_bbWC1TKqHKCfeL0l9nZfgd_fMcsUb4Np24M]

但是,如果我嘗試調用一個安全的端點像/ API /收音機,我總是得到:

[message:Access is denied, timestamp:1457814018972, error:Forbidden, status:403, path:/api/radios] 
[Server:[Apache-Coyote/1.1], WWW-Authenticate:[Bearer error="insufficient_scope"], Set-Cookie:[JSESSIONID=2AD3EF86B6BB1807747EBCCA98FB7DC8; Path=/; HttpOnly...]

我已經配置

grails.plugin.springsecurity.controllerAnnotations.staticRules = [ 
    [pattern: '/',    access: ['permitAll']], 
    [pattern: '/error',   access: ['permitAll']], 
    [pattern: '/index',   access: ['permitAll']], 
    [pattern: '/index.gsp',  access: ['permitAll']], 
    [pattern: '/shutdown',  access: ['permitAll']], 
    [pattern: '/assets/**',  access: ['permitAll']], 
    [pattern: '/**/js/**',  access: ['permitAll']], 
    [pattern: '/**/css/**',  access: ['permitAll']], 
    [pattern: '/**/images/**', access: ['permitAll']], 
    [pattern: '/**/favicon.ico', access: ['permitAll']], 
    [pattern: '/api/**',   access: ['permitAll']], 
    [pattern: '/api/radios/**', access: ['RADIO_ADMIN']] 
] 

grails.plugin.springsecurity.filterChain.chainMap = [ 
    // State less chain 
    [ 
      pattern: '/api/**', 
      filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter' 
    ], 
    [pattern: '/assets/**',  filters: 'none'], 
    [pattern: '/**/js/**',  filters: 'none'], 
    [pattern: '/**/css/**',  filters: 'none'], 
    [pattern: '/**/images/**', filters: 'none'], 
    [pattern: '/**/favicon.ico', filters: 'none'], 
    [pattern: '/**',    filters: 'JOINED_FILTERS'] 
]

我用下面的ENV : Grails版本:3.1.3 Groovy版本:2.4.6 JVM版本:1.7.0_75

來源

2016-03-12 chiarotto.alessandro

回答

1

我面臨完全相同的問題。 經過幾個小時的調查,看看這兩個grails 彈簧安全核心彈簧安全休息插件源代碼和運行應用程序日誌級別設置爲DEBUG看到所有封面活動,我已經想通出來。

請嘗試以下的application.groovy

grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap" 

grails.plugin.springsecurity.interceptUrlMap = [ 
    [pattern: '/api/radios/**', access: ['ROLE_RADIO_ADMIN']] 
]

我使用Grails 3.1.6,彈簧安全內核3.1.0,彈簧安全休息&彈簧安全休息 - 嘗試gorm 2.0.0.M2和Java 1.8

來源

2016-05-13 02:23:52

+0

你有什麼建議,你是否將角色命名爲'ROLE_RADIO_ADMIN'? – themathmagician

+0

兩者都設置securityConfigType,並在ROLE_ –

+0

之前加入角色我的角色名爲ROLE_ADMIN,但它不能解決問題。我的設置稍有不同,我嘗試使用過濾鏈和@Secured註釋: – themathmagician

相關問題

 相關問題