Re: Spring Security Core Plugin - Basic auth for rest url

Ingo Busse
Tried this configuration already: basic authentication filter created by your plugin, setting useBasicAuth to true. While the api urls work as expected, the other urls pop up the basic authentication box as well. Maybe the filter chain for /** is wrong!?

grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "API"

grails.plugins.springsecurity.filterChain.chainMap = [
'/api/**': 'securityContextPersistenceFilter,logoutFilter,basicAuthenticationFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor',
'/**':'securityContextPersistenceFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeAuthenticationFilter,anonymousAuthenticationFilter,exceptionTranslationFilter,filterInvocationInterceptor'
]

----- Original Message -----
From: "Burt Beckwith" <[hidden email]>
To: [hidden email]
Sent: Friday, July 9, 2010 6:26:26 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: [grails-user] Spring Security Core Plugin - Basic auth for rest url

Right - so keep the grails.plugins.springsecurity.filterChain.chainMap in Config.groovy, that's what it's for.

Burt

> But I do not want the whole application to use Basic Authentication but just the rest api urls, e.g. /<app>/rest/**
> while the rest of the application uses form based authentication.
>
> ----- Original Message -----
> From: "Burt Beckwith" <[hidden email]>
> To: [hidden email]
> Sent: Friday, July 9, 2010 6:07:55 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
> Subject: Re: [grails-user] Spring Security Core Plugin - Basic auth for rest url
>
> You shouldn't need to do anything in resources.groovy, just add
>
> grails.plugins.springsecurity.useBasicAuth = true
>
> to Config.groovy as described in section 9.1 of the docs: http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/
>
> Burt
>
> > Tried to configure a basic auth filter for a specific url by
> >
> > - setting grails.plugins.springsecurity.filterChain.chainMap in Config.groovy
> > - configuring a basicAuthenticationFilter in resources.groovy
> >
> > This results in a "No bean named ..." exception. It seems that it tries to resolve the chain before the beans in resources.groovy are constructed.
> >
> > Any idea how to resolve this?
> >
> > Thanx,
> > Ingo
> >
> > BTW, I do have a working solution for the acegi plugin doing all the work in resources.groovy.
> >
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
>

burtbeckwith
I think this is a bug with the AuthenticationEntryPoint but I won't have time to look at it until the weekend. Please create an issue at http://jira.codehaus.org/browse/GRAILSPLUGINS under Grails-Spring-Security-Core so it gets tracked.

Burt

Manuel Vio
This post has NOT been accepted by the mailing list yet.
Just today I spent some hours trying to get the same thing.

Like Ingo, I had a working project with the acegi plugin (I got the information from this blog entry: http://johnnywey.wordpress.com/2009/10/29/grails-acegi-plugin-and-securing-multiple-resources-using-basic-authentication/), but I didn't manage to port it to the Spring Security plugin.

Eventually I made it somehow:

in resources.groovy:

...
        // Entry point that answers unauthenticated requests with a Basic challenge
        basicAuthenticationEntryPoint(org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint) {
                realmName = 'Grails webdav'
        }

        basicAuthenticationFilter(org.springframework.security.web.authentication.www.BasicAuthenticationFilter) {
                authenticationManager = ref('authenticationManager')
                authenticationEntryPoint = ref('basicAuthenticationEntryPoint')
        }

        // Separate ExceptionTranslationFilter so that only this chain uses the Basic entry point
        basicExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) {
                authenticationEntryPoint = ref('basicAuthenticationEntryPoint')
                accessDeniedHandler = ref('accessDeniedHandler')
                // portResolver = ref('portResolver')
        }

...

and in Config.groovy:

...

grails.plugins.springsecurity.rejectIfNoRule = true
grails.plugins.springsecurity.controllerAnnotations.staticRules = [
        '/images/**':['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/css/**':['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/js/**':['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/login/**':['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/logout/**':['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/webdav_layouts/**':['IS_AUTHENTICATED_FULLY']
]

grails.plugins.springsecurity.filterChain.chainMap = [
        '/webdav_layouts/**': 'authenticationProcessingFilter,basicAuthenticationFilter,securityContextHolderAwareRequestFilter,anonymousAuthenticationFilter,basicExceptionTranslationFilter,filterInvocationInterceptor',
        '/**': 'securityContextPersistenceFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeAuthenticationFilter,anonymousAuthenticationFilter,exceptionTranslationFilter,filterInvocationInterceptor'
]
...

I didn't set useBasicAuth = true in Config.groovy


However I don't know Spring, so I cannot say if this is the best way, but I hope it helps.

Ciao

Manuel

Ingo Busse
In reply to this post by Ingo Busse
Checked your source. You are right, there is only one 'authenticationEntryPoint' defined that is either form based, basic, digest or x509. So an application can have only one of these. Not really a bug, but I created a Jira anyway:

http://jira.codehaus.org/browse/GRAILSPLUGINS-2277

Thanks a lot for your quick hints,
  Ingo

----- Original Message -----
From: "Burt Beckwith" <[hidden email]>
To: [hidden email]
Sent: Friday, July 9, 2010 9:54:21 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: [grails-user] Spring Security Core Plugin - Basic auth for rest url

I think this is a bug with the AuthenticationEntryPoint but I won't have time to look at it until the weekend. Please create an issue at http://jira.codehaus.org/browse/GRAILSPLUGINS under Grails-Spring-Security-Core so it gets tracked.

Burt

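The mismatch discussed in this thread, as an added example that is not part of any poster's message or of the plugin: a stand-alone Groovy script that resolves each URL to its first matching chain and compares the credentials that chain accepts with the entry point that would issue the challenge. The closure names, the sample URLs, the simplified pattern matcher, and the bean-to-entry-point tables are assumptions that encode what the thread reports (one shared entry point that becomes Basic with useBasicAuth = true, versus a dedicated basicExceptionTranslationFilter).

```groovy
// Added illustration, not plugin code. Challenge style each credential filter expects.
def AUTH_FILTERS = [basicAuthenticationFilter: 'basic', authenticationProcessingFilter: 'form']

// Simplified Ant matcher (assumption): exact paths and a trailing '/**' only.
def matches = { String pattern, String url ->
    pattern.endsWith('/**') ? url.startsWith(pattern[0..-3]) : url == pattern
}

// For each URL: the first matching chain wins; report what the chain accepts and
// which entry point its ExceptionTranslationFilter bean would use to challenge.
def audit = { Map chainMap, Map entryPoints, List urls ->
    urls.collect { url ->
        def entry = chainMap.find { p, f -> matches(p, url) }
        def filters = entry.value.split(',')*.trim()
        def accepts = filters.findAll { AUTH_FILTERS.containsKey(it) }.collect { AUTH_FILTERS[it] }
        def challenge = entryPoints[filters.find { entryPoints.containsKey(it) }]
        [url: url, pattern: entry.key, accepts: accepts, challenge: challenge,
         consistent: challenge in accepts]
    }
}

// The '/**' chain is identical in both configurations posted in the thread.
def formChain = 'securityContextPersistenceFilter,logoutFilter,authenticationProcessingFilter,' +
    'securityContextHolderAwareRequestFilter,rememberMeAuthenticationFilter,' +
    'anonymousAuthenticationFilter,exceptionTranslationFilter,filterInvocationInterceptor'

// First configuration: useBasicAuth = true, one shared exceptionTranslationFilter.
def sharedChains = [
    '/api/**': 'securityContextPersistenceFilter,logoutFilter,basicAuthenticationFilter,' +
        'securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor',
    '/**'    : formChain]
def sharedEntryPoints = [exceptionTranslationFilter: 'basic']

// Second configuration: dedicated basicExceptionTranslationFilter, useBasicAuth not set.
def splitChains = [
    '/webdav_layouts/**': 'authenticationProcessingFilter,basicAuthenticationFilter,' +
        'securityContextHolderAwareRequestFilter,anonymousAuthenticationFilter,' +
        'basicExceptionTranslationFilter,filterInvocationInterceptor',
    '/**'               : formChain]
def splitEntryPoints = [basicExceptionTranslationFilter: 'basic', exceptionTranslationFilter: 'form']

// Constructed sample URLs.
def shared = audit(sharedChains, sharedEntryPoints, ['/api/books', '/book/list'])
def split = audit(splitChains, splitEntryPoints, ['/webdav_layouts/a.xml', '/book/list'])
(shared + split).each { println it }

assert shared*.consistent == [true, false]  // form chain challenged with Basic: the popup
assert split*.consistent == [true, true]    // each chain challenged in the style it accepts
```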