My configuration is:
- Grails framework 3.0.11
- "org.grails.plugins:spring-security-core:3.0.3"
- "org.grails.plugins:spring-security-oauth2-provider:3.0.0-RC1"
I have specified my custom UserDetailsService (implementing GrailsUserDetailsService), a custom User Details class (extending GrailsUser) and also a custom security authentication provider (extending AbstractUserDetailsAuthenticationProvider).
I have placed them in resources.groovy as follows:
userDetailsService(My2nUserDetailsService)
my2nAuthenticationProvider(My2nAuthenticationProvider) {
    userDetailsService = ref('userDetailsService')
}
Now my problem is that when I send a POST to /oauth/token, my custom provider (my2nAuthenticationProvider) is ignored and the default daoAuthenticationProvider is used. It fails because this provider calls the default User Details Service (so, again, my custom My2nUserDetailsService is ignored) and everything fails.
This is how I configured Spring Security Core and the Spring Security OAuth2 Provider:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'cz.quanti.my2n.domains.my2n.My2nUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'cz.quanti.my2n.domains.my2n.My2nUserRole'
grails.plugin.springsecurity.authority.className = 'cz.quanti.my2n.domains.my2n.My2nRole'
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = true
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.password.algorithm = 'SHA-256'
grails.plugin.springsecurity.password.hash.iterations = 1
grails.plugin.springsecurity.providerNames = [
    'my2nAuthenticationProvider'
]
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/oauth/authorize.dispatch', access: "IS_AUTHENTICATED_ANONYMOUSLY"],
    [pattern: '/oauth/token.dispatch', access: "IS_AUTHENTICATED_ANONYMOUSLY"]
]
// https://grails-plugins.github.io/grails-spring-security-core/v2/guide/filters.html
grails.plugin.springsecurity.filterChain.chainMap = [
    [pattern: '/oauth/token', filters: 'JOINED_FILTERS,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter'],
    [pattern: '/oauth/authorize', filters: 'JOINED_FILTERS,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter'],
    ...
    [pattern: '/**', filters: 'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-oauth2BasicAuthenticationFilter,-oauth2ExceptionTranslationFilter,-restTokenValidationFilter,-restExceptionTranslationFilter'] // Traditional chain
]
// Added by the Spring Security OAuth2 Provider plugin:
grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthClient'
grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthAuthorizationCode'
grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthAccessToken'
grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'cz.quanti.my2n.domains.hipmo.OauthRefreshToken'
grails.plugin.springsecurity.oauthProvider.authorization.requireScope = false
Can you give me some advice, please?