Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to configure grails/spring authentication scheme per url?

How can I configure a grails application using Spring security such that one set of url's will redirect unauthenticated users to a custom login form with an http response code of 200, whereas another set of url's are implementing restful web services and must return a 401/not authorized response for unauthenticated clients so the client application can resend the request with a username and password in response to the 401.

My current configuration can handle the first case with the custom login form. However, I need to configure the other type of authentication for the restful interface url's while preserving the current behavior for the human interface.

Thanks!

like image 759
Ryan Grow Avatar asked Aug 15 '11 12:08

Ryan Grow


1 Answers

If I understood right what you want to do, I got the same problem, before! but it is easy to solve it using Spring Security grails Plugin! So, first of all, you have to set your application to use basic authentication:

grails.plugins.springsecurity.useBasicAuth = true

So your restful services will try to login, and if it doesnt work it goes to 401! This is easy but you also need to use a custom form to login right?! So you can just config some URL to gets into your normal login strategy like this:

grails.plugins.springsecurity.filterChain.chainMap = [
    '/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
    '/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter'
 ]

So noticed, that above, everything that comes to the URL /api/ will use the Basic Auth, but anything that is not from /api/ uses the normal authentication login form!

EDIT

More information goes to http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/guide/16%20Filters.html

like image 189
Arthur Neves Avatar answered Oct 08 '22 01:10

Arthur Neves