Grails:使用OAuth2.0保护REST API [英] Grails: Securing REST API with OAuth2.0
问题描述
我正在使用Grails构建REST API。我希望使用OAuth2.0 client_credentials流(grant_type)来保护它。我的用例如下所示:
I am building a REST API using Grails. I want it to be protected using OAuth2.0 client_credentials flow(grant_type). My use-case is as follows:
外部代理将发送请求到类似于
a external agent will send a request to something like
http://server-url/oauth/token?client_id=clientId&client_secret=clientSecret&grant_type=client_credentials
并获得一个access_token。然后,我的URL(受保护的资源)应该可以被类似于
and obtain a access_token. Then, my URL(protected resource) should be accesible with something like
http://server-url/resource?access_token={access-token obtained before}
我在寻找一些能够简单快速地在Grails上做这件事的东西。什么将是最好的方式/工具/插件用于此?抄写库是一个选项,如果有针对我的特定用例的任何教程,它将会很棒。
I am looking for something that makes doing this on Grails easy and quick. What will be the best way/tool/plugin to use for this ? Scribe library is an option, if there are any tutorials for my specific use-case, it will be great.
PS:我已经试过了spring-security和相关的插件,那里没有快乐。任何替代品都会很好。
P.S.: I have tried the spring-security and related plugins, no joy there. Any alternatives would be nice.
推荐答案
我有同样的问题。我发现了很多grails插件,可以帮助您针对其他oauth提供商验证您的应用程序,但没有什么能够帮助我将应用程序变成oauth提供程序。经过大量的挖掘之后,我遇到了这个grails插件,它将完全按照您的要求进行。
I have the same issue. I found a lot of grails plugins that helped you authenticate your app against other oauth providers, but nothing that would help me make my app the oauth provider. After a lot of digging, I came across this grails plugin that will do exactly what you want.
https:// github.com/adaptivecomputing/grails-spring-security-oauth2-provider
我仍然在为我的应用程序配置它,我认为文档可能会需要一些编辑(特别是authorization_code流程),但我得到了简单的client_credentials流程以最少的配置工作。希望有帮助!
I'm still configuring it for my application, and I think the docs might need a few edits (specifically the authorization_code flow) but I got the simple client_credentials flow to work with minimal configuration. Hope that helps!
这篇关于Grails:使用OAuth2.0保护REST API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
