CODEWITHSUNDEEP
restgrailsspring-security-rest
Jeremy Wagner
Jeremy Wagner

Reputation: 505

Disable RestAuthenticationFilter - Grails Spring Security Rest Plugin

I'm using Grails v2.4.2 with spring-security-rest, spring-security-core, and spring-security-ui plugins.

I'm trying to disable the RestAuthenticationFilter that comes with spring-security-rest so that I can write a custom Authentication Filter that is not case sensitive.

In my config.groovy, I'm using the following filter chain map:

grails.plugin.springsecurity.filterChain.chainMap = [
'/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter,-restAuthenticationFilter'

]

I've added '-restAuthenticationFilter' to exclude RestAuthenticationFilter but it is still running.

How can I exclude RestAuthentication Filter or is there an easier way to add case insensitivity to the username when logging in through RestAuthenticationFilter?

Upvotes: 0

Views: 910

Answers (2)

Álvaro Sánchez-Mariscal
Álvaro Sánchez-Mariscal

Reputation: 904

The plugin doesn't perform any authentication itself, but rather delegates it to the Spring's AuthenticationManager, which in turn uses any authentication provider configured. In your case, the provider used is DaoAuthenticationProvider, and it delegates user retrieval to the userDetailsService configured bean.

As @jstell pointed out, the core plugin provides a GormUserDetailsService that you will have to subclass, override the method loadUserByUsername(String username, boolean loadRoles), and configure in resources.groovy as userDetailsService bean.

Upvotes: 1

jstell
jstell

Reputation: 706

Seems like 2 different questions.

If you want exclude the REST auth filter, I think you need to remove restTokenValidationFilter and restExceptionTranslationFilter from the chain.

Try

grails.plugin.springsecurity.filterChain.chainMap = [
'/**': 'JOINED_FILTERS,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter,-restTokenValidationFilter,-restExceptionTranslationFilter'
]

If you want to make your username case insensitive, just create a custom implementation of GrailsUserDetailsService. Implement loadUserByUsername to ignore case of the username.

See http://grails-plugins.github.io/grails-spring-security-core/guide/userDetailsService.html

Upvotes: 2

Related Questions