个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
26
4
我正在尝试使用 Spring 安全性制作 REST API 的基本示例。我正在使用 Grails 插件 spring-security-rest:2.0.0.M2
我试着关注这个优秀的tutorial ,我遇到了范围不足的错误。
我正在定义一个角色,ADMIN_ROLE。成功登录后,我得到一个access_token
我在我的 ProjectController 类中添加了 @Secured(['ROLE_ADMIN']) 标签:
@Secured(['ROLE_ADMIN'])
class ProjectController extends RestfulController {
static responseFormats = ['json', 'xml']
ProjectController() {
super(Project)
}
def active() {
respond Project.findAllByActive(true), view: 'index'
}
}
我的 UrlMappings 指向 ProjectController:包 dk.mathmagicians.demo
class UrlMappings {
static mappings = {
"/$controller/$action?/$id?(.$format)?"{
constraints {
// apply constraints here
}
}
"/projects"(resources:"project")
"/active"(controller: 'project', action: 'active')
"/"(view: '/index')
"500"(view: '/error')
"404"(view: '/notFound')
}
}
我已经用过滤器配置了我的 application.groovy 文件,如下所示
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/assets/**', filters: 'none'],
[pattern: '/**/js/**', filters: 'none'],
[pattern: '/**/css/**', filters: 'none'],
[pattern: '/**/images/**', filters: 'none'],
[pattern: '/**/favicon.ico', filters: 'none'],
[pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter']
]
当我尝试调用我的 api 时($TOKEN 是一个环境变量,其中存储 token 用于测试目的)
curl -v -i -H "Authorization: Bearer $STOKEN" 0:8080/api/projects'
我收到 403 错误,关于范围不足:
* Trying 0.0.0.0...
* Connected to 0 (127.0.0.1) port 8080 (#0)
> GET /api/projects HTTP/1.1
> Host: 0:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUFdcL1RRQmgrSGRJUFVhbGZVcEU2bElXeUlVZUNNVk9cL1FGUW1RWVFzUmFLNjJHXC9kYTg5Mzd0MjVUWllxRXd3WldnR1JrUGdMK1NmdDBoOVF3Y0RhbVpYMzNLWk9XU3B1c3Q5N1wvSHk5SGx6Qm1OSHdJdGFNQytPbklvdTU5RTJxdVl3Tmhwbm10dU5uQm5XRU5rZTh5b0ZObXNEMThVcmdCVkRpa1lYNVlJOGRzb3BnTXE3VVczc1kybXBidzNPbDR4dkdIYzBTUEZKNjM3XC9sRHBYR093SUZ0WGRhZ29rdG1HTmhxREpwYTBwdXRGT3VNZHFDMldJV3FIRGZqUlpDdWtGcE9STm1GRHFCa3JVRVJnRk1zY3p1S2xMbGFDek1YSnZOTEJlVkJ0cHFBSk1wTTRiY1wvWk9rWVoxMWQrOXNTa3B3QU1kUWJxY2VIZXJ1cVlQNmpzZGZVMEpRYXE2a1dXN0tSRVY4aHp0eDR1OHVmYms0K2RGdGxnQ29rMmYzZjFQTUYxZWhlXC9ieHorTzhhQyswOEdqRWVnR3J0bE55TTFjd3Y5Zm9sQytcL3ZcLzNhdlwvcjg0UUVwTzhUTFwvOVwvSDhzcE5jNTAxbGFSTU02dEdka1MwUjJYM1RPU3I5NU1QdDlEeEd6eEpCZElmSlMxR3R4SUZNY1V0YXlXR2ZWdDQrSzRlYkd5dnJMOTVYWE92NCt0S01oR1I3SFNlMnEzTER4UXRxXC9mNzlQemt5VStpMklTeFF5WXlwTkpuQzFBdFMxcW9QdzM2UzFQZmZ2WHlDTVBmK1M5TElGejNFZ01BQUE9PSIsInN1YiI6IkRvbmFsZCIsInJvbGVzIjpbIlJPTEVfQURNSU4iXSwiZXhwIjoxNDc2MTQwNjk4LCJpYXQiOjE0NzYxMzcwOTh9.wSwQad4POS77y61ULiTeOWEjxGcSv7xuDRryfWpZa-Y
>
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< WWW-Authenticate: Bearer error="insufficient_scope"
WWW-Authenticate: Bearer error="insufficient_scope"
< Content-Type: application/json;charset=UTF-8
Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Date: Mon, 10 Oct 2016 22:17:11 GMT
Date: Mon, 10 Oct 2016 22:17:11 GMT
<
* Connection #0 to host 0 left intact
{"timestamp":1476137831338,"status":403,"error":"Forbidden","message":"Access is denied","path":"/api/projects"}
我启用了调试日志,这里是 grails 应用程序的输出
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/api/projects'; against '/assets/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/api/projects'; against '/**/js/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/api/projects'; against '/**/css/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/api/projects'; against '/**/images/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/api/projects'; against '/**/favicon.ico'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/api/projects'; against '/api/**'
DEBUG org.springframework.security.web.FilterChainProxy - /api/projects at position 1 of 7 in additional filter chain; firing Filter: 'SecurityRequestHolderFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /api/projects at position 2 of 7 in additional filter chain; firing Filter: 'MutableLogoutFilter'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/api/projects'; against '/logoff'
DEBUG org.springframework.security.web.FilterChainProxy - /api/projects at position 3 of 7 in additional filter chain; firing Filter: 'RestAuthenticationFilter'
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationFilter - Actual URI is /api/projects; endpoint URL is /api/login
DEBUG org.springframework.security.web.FilterChainProxy - /api/projects at position 4 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /api/projects at position 5 of 7 in additional filter chain; firing Filter: 'RestTokenValidationFilter'
DEBUG grails.plugin.springsecurity.rest.token.bearer.BearerTokenReader - Looking for bearer token in Authorization header, query string or Form-Encoded body parameter
DEBUG grails.plugin.springsecurity.rest.token.bearer.BearerTokenReader - Found bearer token in Authorization header
DEBUG grails.plugin.springsecurity.rest.token.bearer.BearerTokenReader - Token: eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUFdcL1RRQmgrSGRJUFVhbGZVcEU2bElXeUlVZUNNVk9cL1FGUW1RWVFzUmFLNjJHXC9kYTg5Mzd0MjVUWllxRXd3WldnR1JrUGdMK1NmdDBoOVF3Y0RhbVpYMzNLWk9XU3B1c3Q5N1wvSHk5SGx6Qm1OSHdJdGFNQytPbklvdTU5RTJxdVl3Tmhwbm10dU5uQm5XRU5rZTh5b0ZObXNEMThVcmdCVkRpa1lYNVlJOGRzb3BnTXE3VVczc1kybXBidzNPbDR4dkdIYzBTUEZKNjM3XC9sRHBYR093SUZ0WGRhZ29rdG1HTmhxREpwYTBwdXRGT3VNZHFDMldJV3FIRGZqUlpDdWtGcE9STm1GRHFCa3JVRVJnRk1zY3p1S2xMbGFDek1YSnZOTEJlVkJ0cHFBSk1wTTRiY1wvWk9rWVoxMWQrOXNTa3B3QU1kUWJxY2VIZXJ1cVlQNmpzZGZVMEpRYXE2a1dXN0tSRVY4aHp0eDR1OHVmYms0K2RGdGxnQ29rMmYzZjFQTUYxZWhlXC9ieHorTzhhQyswOEdqRWVnR3J0bE55TTFjd3Y5Zm9sQytcL3ZcLzNhdlwvcjg0UUVwTzhUTFwvOVwvSDhzcE5jNTAxbGFSTU02dEdka1MwUjJYM1RPU3I5NU1QdDlEeEd6eEpCZElmSlMxR3R4SUZNY1V0YXlXR2ZWdDQrSzRlYkd5dnJMOTVYWE92NCt0S01oR1I3SFNlMnEzTER4UXRxXC9mNzlQemt5VStpMklTeFF5WXlwTkpuQzFBdFMxcW9QdzM2UzFQZmZ2WHlDTVBmK1M5TElGejNFZ01BQUE9PSIsInN1YiI6IkRvbmFsZCIsInJvbGVzIjpbIlJPTEVfQURNSU4iXSwiZXhwIjoxNDc2MTQwNjk4LCJpYXQiOjE0NzYxMzcwOTh9.wSwQad4POS77y61ULiTeOWEjxGcSv7xuDRryfWpZa-Y
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Token found: eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUFdcL1RRQmgrSGRJUFVhbGZVcEU2bElXeUlVZUNNVk9cL1FGUW1RWVFzUmFLNjJHXC9kYTg5Mzd0MjVUWllxRXd3WldnR1JrUGdMK1NmdDBoOVF3Y0RhbVpYMzNLWk9XU3B1c3Q5N1wvSHk5SGx6Qm1OSHdJdGFNQytPbklvdTU5RTJxdVl3Tmhwbm10dU5uQm5XRU5rZTh5b0ZObXNEMThVcmdCVkRpa1lYNVlJOGRzb3BnTXE3VVczc1kybXBidzNPbDR4dkdIYzBTUEZKNjM3XC9sRHBYR093SUZ0WGRhZ29rdG1HTmhxREpwYTBwdXRGT3VNZHFDMldJV3FIRGZqUlpDdWtGcE9STm1GRHFCa3JVRVJnRk1zY3p1S2xMbGFDek1YSnZOTEJlVkJ0cHFBSk1wTTRiY1wvWk9rWVoxMWQrOXNTa3B3QU1kUWJxY2VIZXJ1cVlQNmpzZGZVMEpRYXE2a1dXN0tSRVY4aHp0eDR1OHVmYms0K2RGdGxnQ29rMmYzZjFQTUYxZWhlXC9ieHorTzhhQyswOEdqRWVnR3J0bE55TTFjd3Y5Zm9sQytcL3ZcLzNhdlwvcjg0UUVwTzhUTFwvOVwvSDhzcE5jNTAxbGFSTU02dEdka1MwUjJYM1RPU3I5NU1QdDlEeEd6eEpCZElmSlMxR3R4SUZNY1V0YXlXR2ZWdDQrSzRlYkd5dnJMOTVYWE92NCt0S01oR1I3SFNlMnEzTER4UXRxXC9mNzlQemt5VStpMklTeFF5WXlwTkpuQzFBdFMxcW9QdzM2UzFQZmZ2WHlDTVBmK1M5TElGejNFZ01BQUE9PSIsInN1YiI6IkRvbmFsZCIsInJvbGVzIjpbIlJPTEVfQURNSU4iXSwiZXhwIjoxNDc2MTQwNjk4LCJpYXQiOjE0NzYxMzcwOTh9.wSwQad4POS77y61ULiTeOWEjxGcSv7xuDRryfWpZa-Y
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Trying to authenticate the token
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Use JWT: true
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Trying to validate token eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUFdcL1RRQmgrSGRJUFVhbGZVcEU2bElXeUlVZUNNVk9cL1FGUW1RWVFzUmFLNjJHXC9kYTg5Mzd0MjVUWllxRXd3WldnR1JrUGdMK1NmdDBoOVF3Y0RhbVpYMzNLWk9XU3B1c3Q5N1wvSHk5SGx6Qm1OSHdJdGFNQytPbklvdTU5RTJxdVl3Tmhwbm10dU5uQm5XRU5rZTh5b0ZObXNEMThVcmdCVkRpa1lYNVlJOGRzb3BnTXE3VVczc1kybXBidzNPbDR4dkdIYzBTUEZKNjM3XC9sRHBYR093SUZ0WGRhZ29rdG1HTmhxREpwYTBwdXRGT3VNZHFDMldJV3FIRGZqUlpDdWtGcE9STm1GRHFCa3JVRVJnRk1zY3p1S2xMbGFDek1YSnZOTEJlVkJ0cHFBSk1wTTRiY1wvWk9rWVoxMWQrOXNTa3B3QU1kUWJxY2VIZXJ1cVlQNmpzZGZVMEpRYXE2a1dXN0tSRVY4aHp0eDR1OHVmYms0K2RGdGxnQ29rMmYzZjFQTUYxZWhlXC9ieHorTzhhQyswOEdqRWVnR3J0bE55TTFjd3Y5Zm9sQytcL3ZcLzNhdlwvcjg0UUVwTzhUTFwvOVwvSDhzcE5jNTAxbGFSTU02dEdka1MwUjJYM1RPU3I5NU1QdDlEeEd6eEpCZElmSlMxR3R4SUZNY1V0YXlXR2ZWdDQrSzRlYkd5dnJMOTVYWE92NCt0S01oR1I3SFNlMnEzTER4UXRxXC9mNzlQemt5VStpMklTeFF5WXlwTkpuQzFBdFMxcW9QdzM2UzFQZmZ2WHlDTVBmK1M5TElGejNFZ01BQUE9PSIsInN1YiI6IkRvbmFsZCIsInJvbGVzIjpbIlJPTEVfQURNSU4iXSwiZXhwIjoxNDc2MTQwNjk4LCJpYXQiOjE0NzYxMzcwOTh9.wSwQad4POS77y61ULiTeOWEjxGcSv7xuDRryfWpZa-Y
DEBUG grails.plugin.springsecurity.rest.token.storage.jwt.JwtTokenStorageService - Successfully verified JWT
DEBUG grails.plugin.springsecurity.rest.token.storage.jwt.JwtTokenStorageService - Trying to deserialize the principal object
DEBUG grails.plugin.springsecurity.rest.token.storage.jwt.JwtTokenStorageService - UserDetails deserialized: grails.plugin.springsecurity.userdetails.GrailsUser@7a593596: Username: Donald; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Now is Tue Oct 11 00:17:11 CEST 2016 and token expires at Tue Oct 11 01:04:58 CEST 2016
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Expiration: 2867
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Authentication result: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUFdcL1RRQmgrSGRJUFVhbGZVcEU2bElXeUlVZUNNVk9cL1FGUW1RWVFzUmFLNjJHXC9kYTg5Mzd0MjVUWllxRXd3WldnR1JrUGdMK1NmdDBoOVF3Y0RhbVpYMzNLWk9XU3B1c3Q5N1wvSHk5SGx6Qm1OSHdJdGFNQytPbklvdTU5RTJxdVl3Tmhwbm10dU5uQm5XRU5rZTh5b0ZObXNEMThVcmdCVkRpa1lYNVlJOGRzb3BnTXE3VVczc1kybXBidzNPbDR4dkdIYzBTUEZKNjM3XC9sRHBYR093SUZ0WGRhZ29rdG1HTmhxREpwYTBwdXRGT3VNZHFDMldJV3FIRGZqUlpDdWtGcE9STm1GRHFCa3JVRVJnRk1zY3p1S2xMbGFDek1YSnZOTEJlVkJ0cHFBSk1wTTRiY1wvWk9rWVoxMWQrOXNTa3B3QU1kUWJxY2VIZXJ1cVlQNmpzZGZVMEpRYXE2a1dXN0tSRVY4aHp0eDR1OHVmYms0K2RGdGxnQ29rMmYzZjFQTUYxZWhlXC9ieHorTzhhQyswOEdqRWVnR3J0bE55TTFjd3Y5Zm9sQytcL3ZcLzNhdlwvcjg0UUVwTzhUTFwvOVwvSDhzcE5jNTAxbGFSTU02dEdka1MwUjJYM1RPU3I5NU1QdDlEeEd6eEpCZElmSlMxR3R4SUZNY1V0YXlXR2ZWdDQrSzRlYkd5dnJMOTVYWE92NCt0S01oR1I3SFNlMnEzTER4UXRxXC9mNzlQemt5VStpMklTeFF5WXlwTkpuQzFBdFMxcW9QdzM2UzFQZmZ2WHlDTVBmK1M5TElGejNFZ01BQUE9PSIsInN1YiI6IkRvbmFsZCIsInJvbGVzIjpbIlJPTEVfQURNSU4iXSwiZXhwIjoxNDc2MTQwNjk4LCJpYXQiOjE0NzYxMzcwOTh9.wSwQad4POS77y61ULiTeOWEjxGcSv7xuDRryfWpZa-Y, expiration:2867, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@7a593596: Username: Donald; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, super:grails.plugin.springsecurity.rest.token.AccessToken@3afafc74: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@7a593596: Username: Donald; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN)
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Token authenticated. Storing the authentication result in the security context
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Authentication result: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUFdcL1RRQmgrSGRJUFVhbGZVcEU2bElXeUlVZUNNVk9cL1FGUW1RWVFzUmFLNjJHXC9kYTg5Mzd0MjVUWllxRXd3WldnR1JrUGdMK1NmdDBoOVF3Y0RhbVpYMzNLWk9XU3B1c3Q5N1wvSHk5SGx6Qm1OSHdJdGFNQytPbklvdTU5RTJxdVl3Tmhwbm10dU5uQm5XRU5rZTh5b0ZObXNEMThVcmdCVkRpa1lYNVlJOGRzb3BnTXE3VVczc1kybXBidzNPbDR4dkdIYzBTUEZKNjM3XC9sRHBYR093SUZ0WGRhZ29rdG1HTmhxREpwYTBwdXRGT3VNZHFDMldJV3FIRGZqUlpDdWtGcE9STm1GRHFCa3JVRVJnRk1zY3p1S2xMbGFDek1YSnZOTEJlVkJ0cHFBSk1wTTRiY1wvWk9rWVoxMWQrOXNTa3B3QU1kUWJxY2VIZXJ1cVlQNmpzZGZVMEpRYXE2a1dXN0tSRVY4aHp0eDR1OHVmYms0K2RGdGxnQ29rMmYzZjFQTUYxZWhlXC9ieHorTzhhQyswOEdqRWVnR3J0bE55TTFjd3Y5Zm9sQytcL3ZcLzNhdlwvcjg0UUVwTzhUTFwvOVwvSDhzcE5jNTAxbGFSTU02dEdka1MwUjJYM1RPU3I5NU1QdDlEeEd6eEpCZElmSlMxR3R4SUZNY1V0YXlXR2ZWdDQrSzRlYkd5dnJMOTVYWE92NCt0S01oR1I3SFNlMnEzTER4UXRxXC9mNzlQemt5VStpMklTeFF5WXlwTkpuQzFBdFMxcW9QdzM2UzFQZmZ2WHlDTVBmK1M5TElGejNFZ01BQUE9PSIsInN1YiI6IkRvbmFsZCIsInJvbGVzIjpbIlJPTEVfQURNSU4iXSwiZXhwIjoxNDc2MTQwNjk4LCJpYXQiOjE0NzYxMzcwOTh9.wSwQad4POS77y61ULiTeOWEjxGcSv7xuDRryfWpZa-Y, expiration:2867, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@7a593596: Username: Donald; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, super:grails.plugin.springsecurity.rest.token.AccessToken@3afafc74: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@7a593596: Username: Donald; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN)
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Continuing the filter chain
DEBUG org.springframework.security.web.FilterChainProxy - /api/projects at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG org.springframework.security.web.FilterChainProxy - /api/projects at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /api/projects; Attributes: [_DENY_]
DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:eyJhbGciOiJIUzI1NiJ9.eyJwcmluY2lwYWwiOiJINHNJQUFBQUFBQUFBSlZTUFdcL1RRQmgrSGRJUFVhbGZVcEU2bElXeUlVZUNNVk9cL1FGUW1RWVFzUmFLNjJHXC9kYTg5Mzd0MjVUWllxRXd3WldnR1JrUGdMK1NmdDBoOVF3Y0RhbVpYMzNLWk9XU3B1c3Q5N1wvSHk5SGx6Qm1OSHdJdGFNQytPbklvdTU5RTJxdVl3Tmhwbm10dU5uQm5XRU5rZTh5b0ZObXNEMThVcmdCVkRpa1lYNVlJOGRzb3BnTXE3VVczc1kybXBidzNPbDR4dkdIYzBTUEZKNjM3XC9sRHBYR093SUZ0WGRhZ29rdG1HTmhxREpwYTBwdXRGT3VNZHFDMldJV3FIRGZqUlpDdWtGcE9STm1GRHFCa3JVRVJnRk1zY3p1S2xMbGFDek1YSnZOTEJlVkJ0cHFBSk1wTTRiY1wvWk9rWVoxMWQrOXNTa3B3QU1kUWJxY2VIZXJ1cVlQNmpzZGZVMEpRYXE2a1dXN0tSRVY4aHp0eDR1OHVmYms0K2RGdGxnQ29rMmYzZjFQTUYxZWhlXC9ieHorTzhhQyswOEdqRWVnR3J0bE55TTFjd3Y5Zm9sQytcL3ZcLzNhdlwvcjg0UUVwTzhUTFwvOVwvSDhzcE5jNTAxbGFSTU02dEdka1MwUjJYM1RPU3I5NU1QdDlEeEd6eEpCZElmSlMxR3R4SUZNY1V0YXlXR2ZWdDQrSzRlYkd5dnJMOTVYWE92NCt0S01oR1I3SFNlMnEzTER4UXRxXC9mNzlQemt5VStpMklTeFF5WXlwTkpuQzFBdFMxcW9QdzM2UzFQZmZ2WHlDTVBmK1M5TElGejNFZ01BQUE9PSIsInN1YiI6IkRvbmFsZCIsInJvbGVzIjpbIlJPTEVfQURNSU4iXSwiZXhwIjoxNDc2MTQwNjk4LCJpYXQiOjE0NzYxMzcwOTh9.wSwQad4POS77y61ULiTeOWEjxGcSv7xuDRryfWpZa-Y, expiration:2867, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@7a593596: Username: Donald; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, super:grails.plugin.springsecurity.rest.token.AccessToken@3afafc74: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@7a593596: Username: Donald; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN)
DEBUG org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_ADMIN] one can reach [ROLE_ADMIN] in zero or more steps.
DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AbstractAccessDecisionManager.checkAllowIfAllAbstainDecisions(AbstractAccessDecisionManager.java:70)
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.groovy:50)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at javax.servlet.FilterChain$doFilter.call(Unknown Source)
at grails.plugin.springsecurity.rest.RestTokenValidationFilter.processFilterChain(RestTokenValidationFilter.groovy:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426)
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:59)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:190)
at grails.plugin.springsecurity.rest.RestTokenValidationFilter.doFilter(RestTokenValidationFilter.groovy:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at javax.servlet.FilterChain$doFilter.call(Unknown Source)
at grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:143)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.groovy:62)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.groovy:58)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/error'; against '/assets/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/error'; against '/**/js/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/error'; against '/**/css/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/error'; against '/**/images/**'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/error'; against '/**/favicon.ico'
DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/error'; against '/api/**'
DEBUG org.springframework.security.web.FilterChainProxy - /error has no matching filters
对我做错了什么有什么想法吗?有关如何解决此错误的任何提示?
最佳阿加塔
更新了 ProjectController 和 UrlMapping 的问题
最佳答案
我已经解决了这个问题。结论是,如果您尝试访问的资源不存在,您可能会收到 Insufficient_scope 错误。
事实证明,grails 中的 s2-quickstart 命令正在 application.groovy 文件中生成一些代码。我使用模式 pattern: '/api/**', 将过滤器添加到 filterChain 映射中,而我的 api 驻留在模式 / 中。
经验教训:
如何开启spring安全类的调试级别日志:在Logback.groovy文件中添加如下内容:
logger("org.springframework.security", DEBUG, ['STDOUT'], false)记录器(“grails.plugin.springsecurity”,DEBUG,['STDOUT'],假)logger("org.pac4j", DEBUG, ['STDOUT'], false)
如果您尝试访问的资源不存在,您可能会收到 Insufficient_scope 错误
关于spring - 使用 Grail 插件 spring-security-rest 获取 403 错误承载错误 ="insufficient_scope"#3,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39993939/
26
4
0
我需要您在以下方面提供帮助。近一个月来,我一直在阅读有关任务和异步的内容。 我想尝试在一个简单的 wep api 项目中实现我新获得的知识。我有以下方法,并且它们都按预期工作: public Htt
我的可执行 jar 中有一个模板文件 (.xls)。不需要在运行时我需要为这个文件创建 100 多个副本(稍后将唯一地附加)。用于获取 jar 文件中的资源 (template.xls)。我正在使用
我在查看网站的模型代码时对原型(prototype)有疑问。我知道这对 Javascript 中的继承很有用。 在这个例子中... define([], function () { "use
影响我性能的前三项操作是: 获取滚动条 获取偏移高度 Ext.getStyle 为了解释我的应用程序中发生了什么:我有一个网格,其中有一列在每个单元格中呈现网格。当我几乎对网格的内容做任何事情时,它运
我正在使用以下函数来获取 URL 参数。 function gup(name, url) { name = name.replace(/[\[]/, '\\\[').replace(/[\]]/,
我最近一直在使用 sysctl 来做很多事情,现在我使用 HW_MACHINE_ARCH 变量。我正在使用以下代码。请注意,当我尝试获取其他变量 HW_MACHINE 时,此代码可以完美运行。我还认为
关闭。这个问题不符合Stack Overflow guidelines .它目前不接受答案。 关闭 9 年前。 要求提供代码的问题必须表现出对所解决问题的最低限度的理解。包括尝试过的解决方案、为什么
由于使用 main-bower-files 作为使用 Gulp 的编译任务的一部分,我无法使用 node_modules 中的 webpack 来require 模块code> dir 因为我会弄乱当
关闭。这个问题需要更多focused .它目前不接受答案。 想改进这个问题吗? 更新问题,使其只关注一个问题 editing this post . 关闭 5 年前。 Improve this qu
我使用 Gridlayout 在一行中放置 4 个元素。首先,我有一个 JPanel,一切正常。对于行数变大并且我必须能够向下滚动的情况,我对其进行了一些更改。现在我的 JPanel 上添加了一个 J
由于以下原因,我想将 VolumeId 的值保存在变量中: #!/usr/bin/env python import boto3 import json import argparse import
我正在将 MSAL 版本 1.x 更新为 MSAL-browser 的 Angular 。所以我正在尝试从版本 1.x 迁移到 2.X.I 能够成功替换代码并且工作正常。但是我遇到了 acquireT
我知道有很多关于此的问题,例如 Getting daily averages with pandas和 How get monthly mean in pandas using groupby但我遇到
This is the query string that I am receiving in URL. Output url: /demo/analysis/test?startDate=Sat+
我正在尝试使用 javascript 中的以下代码访问 Geoserver 层 var gkvrtWmsSource =new ol.source.ImageWMS({ u
API 需要一个包含授权代码的 header 。这就是我到目前为止所拥有的: var fullUrl = 'https://api.ecobee.com/1/thermostat?json=\{"s
如何获取文件中的最后一个字符,如果是某个字符,则删除它而不将整个文件加载到内存中? 这就是我目前所拥有的。 using (var fileStream = new FileStream("file.t
我是这个社区的新手,想出了我的第一个问题。 我正在使用 JSP,我成功地创建了 JSP-Sites,它正在使用jsp:setParameter 和 jsp:getParameter 具有单个字符串。
在回答 StoreStore reordering happens when compiling C++ for x86 @Peter Cordes 写过 For Acquire/Release se
我有一个函数,我们将其命名为 X1,它返回变量 Y。该函数在操作 .on("focusout", X1) 中使用。如何获取变量Y?执行.on后X1的结果? 最佳答案 您可以更改 Y 的范围以使其位于函
我是一名优秀的程序员,十分优秀!