Grails Spring Security Core plugin: how to remove the browser prompt for an ajax request

I installed a new Grails application (2.3.5) and installed the Spring Security Core plugin (2.0-RC2).

I added the following configuration (my '/secure/**' URL mappings use basicAuthenticationFilter):

    grails.plugin.springsecurity.logout.postOnly = false
    grails.plugin.springsecurity.rejectIfNoRule = true
    grails.plugin.springsecurity.fii.rejectPublicInvocations = false
    //Enable Basic Auth Filter
    grails.plugin.springsecurity.useBasicAuth = true
    grails.plugin.springsecurity.basic.realmName = "Example"
    grails.plugin.springsecurity.filterChain.chainMap = [
            '/secure/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
            'app/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter'
    ]

    grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.car.User'
    grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.car.UserRole'
    grails.plugin.springsecurity.authority.className = 'com.car.Role'
    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/app/**':                        ['permitAll'],
        '/index':                         ['permitAll'],
        '/index.gsp':                     ['permitAll'],
        '/**/js/**':                      ['permitAll'],
        '/**/css/**':                     ['permitAll'],
        '/**/images/**':                  ['permitAll'],
        '/**/favicon.ico':                ['permitAll']
    ]

I have an Angular application in the web application folder. Basically, when I make an ajax request from it and put the wrong password in the basic authentication header, I get the browser's default prompt. The request has not yet been completed. I am new to this, but it seems to me that the code that intercepts the request has logic for the request if the header is missing or invalid.

, - , . ? ?

+4
1

HTTP Basic Authentication (useBasicAuth = true), 401 WWW-Authenticate: Basic, .

, . , , - .

- , Authorization ( ) .

spring , 17.2.1 , , RequestHeaderAuthenticationFilter .

X-MyCustomHeader :

    <security:http>
      <!-- Additional http configuration omitted -->
      <security:custom-filter position="PRE_AUTH_FILTER" ref="customAuthFilter" />
    </security:http>

    <bean id="customAuthFilter"
          class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
      <property name="principalRequestHeader" value="X-MyCustomHeader"/>
      <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <bean id="preauthAuthProvider"
          class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
      <property name="preAuthenticatedUserDetailsService">
        <bean id="userDetailsServiceWrapper"
              class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
          <property name="userDetailsService" ref="userDetailsService"/>
        </bean>
      </property>
    </bean>

    <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="preauthAuthProvider" />
    </security:authentication-manager>

, , (CSRF).

+5
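
One server-side way to keep the 401 but stop the dialog for XHR callers, as an added example (not from the question, the answer, or the plugin's source): a custom `AuthenticationEntryPoint` that sends the `Basic` challenge only to non-ajax requests. The class name, the `xBasic` scheme name, the reliance on an `X-Requested-With` header set by the client, and the bean name used for wiring are assumptions.

```groovy
// src/groovy/com/car/AjaxAwareBasicEntryPoint.groovy
// Added example. Class name is hypothetical; the package reuses com.car from the question.
package com.car

import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

import org.springframework.security.core.AuthenticationException
import org.springframework.security.web.AuthenticationEntryPoint

class AjaxAwareBasicEntryPoint implements AuthenticationEntryPoint {

    String realmName = 'Example'            // same value as basic.realmName in the question
    String ajaxHeader = 'X-Requested-With'  // assumption: the Angular client adds this header itself
    String ajaxValue = 'XMLHttpRequest'
    String ajaxScheme = 'xBasic'            // constructed scheme name that no browser implements

    @Override
    void commence(HttpServletRequest request, HttpServletResponse response,
                  AuthenticationException authException) throws IOException {
        // Keep the realm from breaking out of the quoted-string in the header.
        String safeRealm = realmName.replaceAll(/["\\\r\n]/, '')
        boolean ajax = ajaxValue.equalsIgnoreCase(request.getHeader(ajaxHeader))

        // A browser opens its login dialog only for a challenge scheme it implements.
        // XHR callers get an unknown scheme, so the 401 goes to the JavaScript error
        // handler; ordinary navigation still gets the normal Basic challenge.
        String challenge = (ajax ? ajaxScheme : 'Basic') + ' realm="' + safeRealm + '"'
        response.setHeader('WWW-Authenticate', challenge)
        response.setHeader('Cache-Control', 'no-store')
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED)

        if (ajax) {
            // Fixed body: nothing from authException is echoed, so the response does
            // not reveal whether the user name or the password was wrong.
            response.setContentType('application/json;charset=UTF-8')
            response.writer.write('{"error":"unauthorized"}')
        }
    }
}

// Wiring, in grails-app/conf/spring/resources.groovy. Assumption to verify against the
// plugin version in use: the basic-auth entry point bean is named basicAuthenticationEntryPoint.
//
// beans = {
//     basicAuthenticationEntryPoint(com.car.AjaxAwareBasicEntryPoint) {
//         realmName = 'Example'
//     }
// }
```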

Source: https://habr.com/ru/post/1524575/

