# Scaffold the application: REST profile plus the Spring Security and Hibernate (GORM) features
grails create-app g001 --profile rest-api --features security,hibernate
In build.gradle, the spring-security-rest dependency should be at least version 2.0.0.M2:
// spring-security-rest 2.0.0.M2 or later, written with Gradle's map-style coordinates
compile group: 'org.grails.plugins', name: 'spring-security-rest', version: '2.0.0.M2'
package g001

import grails.rest.*

/**
 * A book exposed as a REST resource at /books, rendered as JSON or XML.
 *
 * The @Resource annotation generates the CRUD controller for this class;
 * which callers may reach /books is decided by the Spring Security
 * configuration, not by anything in this file.
 */
@Resource(uri = '/books', formats = ['json', 'xml'])
class Book {

    /** Title of the book; must not be blank. */
    String title

    static constraints = {
        title(blank: false)
    }
}
# Generate the User, Role and UserRole domain classes in package g001.auth
grails s2-quickstart g001.auth User Role
package g001.auth

/**
 * GORM-backed store for issued REST tokens. application.groovy points
 * grails.plugin.springsecurity.rest.token.storage.gorm.* at this class and
 * maps its 'token' and 'username' properties.
 */
class AuthenticationToken {
/** The bearer token value, persisted as-is (no hashing is applied in this class),
 *  so read access to this table is equivalent to holding the tokens — keep that
 *  in mind for backups and database permissions. */
String token
/** Username the token was issued to. */
String username
// No constraints declared: neither property is marked unique or non-blank here.
static constraints = {
}
}
The final application.groovy:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'g001.auth.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'g001.auth.UserRole'
grails.plugin.springsecurity.authority.className = 'g001.auth.Role'
// URL access rules: '/' and '/error' are open, everything else requires a fully
// authenticated principal. These rules are enforced by the security interceptor,
// which only runs on requests that pass through one of the chainMap chains below.
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/', access: ['permitAll']],
[pattern: '/error', access: ['permitAll']],
[pattern: '/**', access: ['isFullyAuthenticated()']]
]
// NOTE(review): the @Resource URI '/books' matches neither '/api/**' nor
// '/stateful/**'. A request that matches no chainMap entry is handed on without
// any security filters, so the '/**' rule above would not be applied to /books
// — confirm against the Spring Security version in use. The second entry is
// typically '/**' so every non-/api URL goes through the stateful chain.
grails.plugin.springsecurity.filterChain.chainMap = [
//Stateless chain
// /api/** (including /api/login) is token-only: the session-persistence,
// anonymous, remember-me, form-login and exception-translation filters are removed.
[
pattern: '/api/**',
filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
],
//Traditional, stateful chain
// Session-based chain with the REST token filters removed.
[
pattern: '/stateful/**',
filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
]
]
// /api/login reads credentials from a JSON body: {"username":..,"password":..}
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
// A failed login answers HTTP 401
grails.plugin.springsecurity.rest.login.failureStatusCode = 401
// Issued tokens are persisted through GORM in g001.auth.AuthenticationToken;
// 'token' holds the raw token value and 'username' the principal it was issued to.
grails.plugin.springsecurity.rest.token.storage.useGorm = true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName = 'g001.auth.AuthenticationToken'
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyName = 'token'
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyName = 'username'
// Clients present the token as "Authorization: Bearer <token>"
grails.plugin.springsecurity.rest.token.validation.useBearerToken = true
import g001.Book
import g001.auth.User
import g001.auth.Role
import g001.auth.UserRole
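class BootStrap {

    /**
     * Seeds development data: two sample books, the ROLE_ADMIN role and one
     * user holding that role.
     *
     * The closure runs on every startup, so each insert is guarded to stay
     * idempotent against a persistent database (the original inserted duplicate
     * books on every restart). Saves use failOnError so a validation failure
     * is reported instead of silently leaving the tables empty.
     */
    def init = { servletContext ->
        ['The Stand', 'The Shining'].each { String title ->
            // Insert only when the title is not already present.
            if (!Book.findByTitle(title)) {
                new Book(title: title).save(failOnError: true)
            }
        }

        // Look the role up first: the s2-quickstart-generated Role presumably
        // declares authority unique, so an unguarded second save would fail — confirm.
        def admin = Role.findByAuthority('ROLE_ADMIN') ?:
            new Role(authority: 'ROLE_ADMIN').save(flush: true, failOnError: true)

        // NOTE(review): hard-coded credentials seeded on every boot; fine for a
        // local demo, but take them from configuration for any shared environment.
        def user = User.findByUsername('user') ?:
            new User(username: 'user', password: 'pass').save(flush: true, failOnError: true)

        // UserRole.exists/create come from the s2-quickstart-generated join class.
        if (!UserRole.exists(user.id, admin.id)) {
            UserRole.create user, admin, true
        }
    }

    def destroy = {
    }
}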
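# Interactive check of the login endpoint: -i shows the status line and headers
# alongside the JSON body that carries access_token.
curl -i -X POST -H "Content-Type: application/json" -d '{"username":"user","password":"pass"}' localhost:8080/api/login

# Scripted login: capture only the body (no -i) so the extraction below operates on
# the JSON alone; -sS hides the progress meter but still reports transport errors.
# $(...) replaces the backtick form and "$RESULT" is quoted where it is reused.
RESULT=$(curl -sS -X POST -H "Content-Type: application/json" -d '{"username":"user","password":"pass"}' localhost:8080/api/login)

# Extract the access_token value. Newlines are stripped first so the two
# substitutions always see a single line, whatever the response formatting.
TOKEN=$(printf '%s' "$RESULT" | tr -d '\n' | sed 's/.*access_token":"//; s/".*//')

# Call the protected resource with the bearer token. This is plain HTTP: the token
# and the credentials above cross the wire in clear text, and the -d payload is
# visible in the process list and shell history.
curl -H "Authorization: bearer $TOKEN" -H 'Accept: application/json' http://localhost:8080/books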