New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gorm storage plugin: RestLogoutFilter not registred #304

Closed
tormozzg opened this Issue Oct 1, 2016 · 0 comments

Comments

Projects
None yet
2 participants
@tormozzg

tormozzg commented Oct 1, 2016

Hello.
My name is Aleksander.

Logout not work when using gorm token storage.
RestLogoutFilter not registred.

Grails 3.1.11
Spring Security Rest Gorm 2.0.0.M2

Some code from application.groovy

grails.plugin.springsecurity.rest.login.failureStatusCode = "401"
grails.plugin.springsecurity.rest.login.endpointUrl='/api/login'
grails.plugin.springsecurity.rest.logout.endpointUrl='/api/logout'
grails.plugin.springsecurity.rest.login.useJsonCredentials = true
grails.plugin.springsecurity.rest.login.usernamePropertyName = "username"
grails.plugin.springsecurity.rest.login.passwordPropertyName = "password"
grails.plugin.springsecurity.rest.token.validation.useBearerToken = false
grails.plugin.springsecurity.rest.token.validation.headerName='x-auth-token'

grails.plugin.springsecurity.rest.token.storage.useGorm=true
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassName='net.eraga.haskey.RestToken'

I got 403 when sending request to /api/logout.

logback.groovy

logger('grails.plugin.springsecurity.rest', DEBUG, ['STDOUT'], false)

Debug logs of logout request:

DEBUG grails.plugin.springsecurity.rest.RestAuthenticationFilter - Actual URI is /api/logout; endpoint URL is /api/login
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Token found: 4kqlel1m9v0m2ag21ujebmdqgfcjc3hn
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Trying to authenticate the token
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Use JWT: false
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Trying to validate token 4kqlel1m9v0m2ag21ujebmdqgfcjc3hn
DEBUG grails.plugin.springsecurity.rest.token.storage.GormTokenStorageService - Finding token 4kqlel1m9v0m2ag21ujebmdqgfcjc3hn in GORM
DEBUG grails.plugin.springsecurity.rest.token.storage.GormTokenStorageService - Searching in GORM for UserDetails of token 4kqlel1m9v0m2ag21ujebmdqgfcjc3hn
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationProvider - Authentication result: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:4kqlel1m9v0m2ag21ujebmdqgfcjc3hn, expiration:null, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@b3da67cd: Username: advertiser@haskey.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_advertiser, super:grails.plugin.springsecurity.rest.token.AccessToken@ee8f6c9d: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@b3da67cd: Username: advertiser@haskey.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_advertiser; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_advertiser)
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Token authenticated. Storing the authentication result in the security context
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Authentication result: grails.plugin.springsecurity.rest.token.AccessToken(accessToken:4kqlel1m9v0m2ag21ujebmdqgfcjc3hn, expiration:null, refreshToken:null, principal:grails.plugin.springsecurity.userdetails.GrailsUser@b3da67cd: Username: advertiser@haskey.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_advertiser, super:grails.plugin.springsecurity.rest.token.AccessToken@ee8f6c9d: Principal: grails.plugin.springsecurity.userdetails.GrailsUser@b3da67cd: Username: advertiser@haskey.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_advertiser; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_advertiser)
DEBUG grails.plugin.springsecurity.rest.RestTokenValidationFilter - Continuing the filter chain
DEBUG grails.plugin.springsecurity.rest.RestAuthenticationFilter - Actual URI is /error; endpoint URL is /api/login

Here is no logs from RestLogoutFilter.

Solution for me is register RestLogoutFilter in BootStrap.

BootStrap.groovy

class BootStrap {
    def dataSource

    def init = { servletContext ->

        SpringSecurityUtils.clientRegisterFilter('restLogoutFilter', SecurityFilterPosition.LOGOUT_FILTER.order - 1)
    }
}

Best regards, Alexander.

@alvarosanchez alvarosanchez added the bug label Oct 3, 2016

@alvarosanchez alvarosanchez added this to the 2.0.0.M3 milestone Oct 3, 2016

@alvarosanchez alvarosanchez self-assigned this Oct 3, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment