Changeset 2180
- Timestamp:
- Mar 12, 2012, 12:16:52 PM (10 years ago)
- Location:
- trunk/grails-app
- Files:
-
- 3 edited
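--- a/trunk/grails-app/conf/BootStrap.groovy
+++ b/trunk/grails-app/conf/BootStrap.groovy
@@ -38,4 +38,7 @@
 // define timezone
 System.setProperty('user.timezone', 'CET')
+
+// set up a client (=external program) role if it does not exist
+def clientRole = SecRole.findByAuthority('ROLE_CLIENT') ?: new SecRole(authority: 'ROLE_CLIENT').save(failOnError: true)
 
 // set up authentication (if required)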
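--- a/trunk/grails-app/conf/Config.groovy
+++ b/trunk/grails-app/conf/Config.groovy
@@ -109,4 +109,13 @@
 grails.plugins.springsecurity.successHandler.targetUrlParameter = 'spring-security-redirect'
 
+// Spring Security configuration
+grails.plugins.springsecurity.useBasicAuth = true
+grails.plugins.springsecurity.basic.realmName = "Authentication Required"
+grails.plugins.springsecurity.useSessionFixationPrevention = true
+grails.plugins.springsecurity.filterChain.chainMap = [
+'/rest/hello': 'JOINED_FILTERS,-exceptionTranslationFilter',
+'/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter'
+]
+
 // Needed for the (copy of) the Spring Security UI plugin
 grails.mail.default.from = 'gscf@dbnp.org'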
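Review bot: Nothing in this section ties `/rest/hello` to HTTPS, yet `useBasicAuth = true` means a client sends its password, merely base64-encoded, on every call to that URL. If TLS is not already enforced elsewhere (a front proxy or a config block not shown here), add a channel requirement next to the chain map, e.g. `grails.plugins.springsecurity.secureChannel.definition = ['/rest/hello': 'REQUIRES_SECURE_CHANNEL']`. A short comment on the two `chainMap` entries would also help, stating that `/rest/hello` is the only path where Basic authentication is active and that `/**` removes the basic filters on purpose.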
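--- a/trunk/grails-app/controllers/RestController.groovy
+++ b/trunk/grails-app/controllers/RestController.groovy
@@ -22,5 +22,6 @@
 import nl.metabolomicscentre.dsp.http.BasicAuthentication
 import dbnp.rest.common.CommunicationManager
-import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolder
+import grails.plugins.springsecurity.Secured;
 
 class RestController {
@@ -34,4 +35,42 @@
 def credentials
 def requestUser
+
+@Secured(['ROLE_CLIENT'])
+def hello = {
+// client was authorized over basic http authentication
+// (also see spring security section in Config.groovy)
+// for now just return the token to authenticate with
+
+// got a consumer?
+if (!params.containsKey('consumer')) {
+// no
+response.status = 400;
+
+def result = ['error':"Consumer required"]
+
+if (params.containsKey('callback')) {
+render "${params.callback}(${result as JSON})"
+} else {
+render result as JSON
+}
+} else {
+// yes
+// create a random session token that will be used to allow to module to
+// sync with gscf prior to presenting the measurement data
+def sessionToken = UUID.randomUUID().toString()
+
+def result = ['token': sessionToken]
+
+// put the session token to work
+authenticationService.logInRemotely( params.get('consumer'), sessionToken, authenticationService.getLoggedInUser())
+
+response.status = 200;
+if (params.containsKey('callback')) {
+render "${params.callback}(${result as JSON})"
+} else {
+render result as JSON
+}
+}
+}
 
 /**
@@ -109,5 +148,5 @@
 *
 * If one study is requested, a 404 error might occur if the study doesn't exist, and a 401 error if the user is not
-* authorized to access this study. If multiple studies are requ rested, non-existing studies or studies for which the
+* authorized to access this study. If multiple studies are requested, non-existing studies or studies for which the
 * user is not authorized are not returned in the list (so the list might be empty).
 *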
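Review bot: Both JSONP branches of the new `hello` action write `params.callback` into the response unchecked (`render "${params.callback}(${result as JSON})"`), and in the success branch that response carries the freshly created session token. The callback should be limited to a plain identifier and the reply served with a JavaScript content type; since the body is a credential, it is also worth considering whether this action should offer JSONP at all. The two identical render blocks can move into one helper that does the check, sketched below. The `hello` closure is complete within this hunk, but the rest of `RestController` lies outside it, so confirm that `JSON` is already imported and that the helper name is free.

```groovy
// … unchanged: @Secured(['ROLE_CLIENT']) def hello = { … } with both render blocks replaced by renderResult(result) …

private void renderResult(Map result) {
    def callback = params.callback
    if (!callback) {
        render result as JSON
    } else if (callback ==~ '[A-Za-z_][A-Za-z0-9_]*') {
        // only a bare identifier may be used as the JSONP function name
        render(text: "${callback}(${result as JSON})", contentType: 'text/javascript')
    } else {
        response.status = 400
        render(['error': "Invalid callback"] as JSON)
    }
}
```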