Spring-security-core and basic authentication

Hi,
I'm using spring-security-core 1.2.7.2. I'm trying to configure Basic Athentication.
My config files look like:
1. Config.groovy:

grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "Ralph's Bait and Tackle"

grails.plugins.springsecurity.filterChain.chainMap = [
        '/services/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
        '/**': 'JOINED_FILTERS,-anonymousAuthenticationFilter'
]

grails.plugins.springsecurity.providerNames = [
        'basicAuthenticationProvider']

2. My resources.groovy:
...
basicAuthenticationProvider(BasicAuthenticationProvider) {
                userDetailsService = ref('userDetailsService')
}
userDetailsService(UserDetailsService)
...

When I run grails run-app, basic authentication doesn't work - there is no Authorization header in request ;/
Has someone met such problem?

On 22/02/2012 15:12, rgorzkow wrote:
> grails.plugins.springsecurity.providerNames = [
>         'basicAuthenticationProvider']
>
> 2. My resources.groovy:
> ...
> basicAuthenticationProvider(BasicAuthenticationProvider) {
>                 userDetailsService = ref('userDetailsService')
> }
> userDetailsService(UserDetailsService)

Why are you defining the providerNames and the Spring beans?  The
useBasicAuth and realmName settings should be sufficient on their own,
plus the chainMap if you only want to apply basic auth to certain areas
of the app and use normal form-based auth for the remainder.

Ian

--
Ian Roberts               | Department of Computer Science
[hidden email]  | University of Sheffield, UK

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

I removed basicAuthenticationProvider bean and userDetailsService bean from resurces.groovy so my Config.groovy looks like:
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "Ralph's Bait and Tackle"

grails.plugins.springsecurity.filterChain.chainMap = [
        '/services/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
        '/**': 'JOINED_FILTERS,-anonymousAuthenticationFilter'
]
 
Basic authenticataion  still does'nt work.
Should I configure something more?

I don't understand how should I configure spring security to work with basic authentication.
Currently my Config.groovy file contains

grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "Ralph's Bait and Tackle"

grails.plugins.springsecurity.filterChain.chainMap = [
        '/webservice/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
        '/recipient/**' : 'JOINED_FILTERS,-anonymousAuthenticationFilter'
]

I observed that when I'm opening my application  using url: http://localhost:8080/app/recipient/ there is no prompt for a username and password and site opens (I think it shouldn't let me see this site if my chainMap contains          '/recipient/**' : 'JOINED_FILTERS,-anonymousAuthenticationFilter' ) ? I saw that when BasicAuthenticationFilter.doFilter is invoking there is no "Authorization" header and String header = request.getHeader("Authorization"); always return null.  I don't understant why response status is not set to 401 ? I thought that if I set grails.plugins.springsecurity.useBasicAuth to  true it would automaticly set response status to 401.
I can't see when BasicAuthenticationEntryPoint.commence is invoked except BasicAuthenticationFilter (but how to get there if header = request.getHeader("Authorization"); always return null) ?
 
But when I call the same url with  "curl -u admin http://localhost:8080/app/recipient/" it prompts for a password and GormUserDetailsSerrvice.loadUserByUsername is invoked.

I solved it. I had to add:

grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap' and

grails.plugins.springsecurity.interceptUrlMap = [
        '/**': ['ROLE_USER']
]