I am using Alvaro's greach2014 repo to experiment with the behavior of the Spring Security Rest plugin. I can log in to the application and generate an authentication token. However, when I try to send a GET request, I am redirected to the login page. Here is my cURL response:
```
curl -X GET -i -H "X-Auth-Token: Bearer 6mp70e1h702ig5lp5l4j2dlbdbh5aiip" -H "Accept: application/json" http://localhost:8080/restful-grails-springsecurity-greach2014/categories
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7D36AB88B14828CDB7085BBB8722A35F; Path=/restful-grails-springsecurity-greach2014/; HttpOnly
Location: http://localhost:8080/restful-grails-springsecurity-greach2014/login/auth
Content-Length: 0
Date: Tue, 07 Jul 2015 05:59:16 GMT
```
I have also tried with the Bearer flag, but the result is the same:

```
curl -X GET -i -H "X-Auth-Token: Bearer 6mp70e1h702ig5lp5l4j2dlbdbh5aiip" -H "Accept: application/json" http://localhost:8080/restful-grails-springsecurity-greach2014/categories
```
Similarly, I have tried the Authorization Bearer header too, but it resulted in a timeout exception:
```
curl -X GET -i -H "Authorization: Bearer 6mp70e1h702ig5lp5l4j2dlbdbh5aiip" -H "Accept: application/json" http://localhost:8080/restful-grails-springsecurity-greach2014/categories
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 4472
Date: Tue, 07 Jul 2015 05:59:46 GMT
Connection: close

Apache Tomcat/7.0.52 - Error report
type Exception report
message Timeout waiting for value
description The server encountered an internal error that prevented it from fulfilling this request.
exception
net.spy.memcached.OperationTimeoutException: Timeout waiting for value
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1179)
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1196)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.findExistingUserDetails(MemcachedTokenStorageService.groovy:64)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.loadUserByToken(MemcachedTokenStorageService.groovy:37)
    grails.plugin.springsecurity.rest.RestAuthenticationProvider.authenticate(RestAuthenticationProvider.groovy:55)
    grails.plugin.springsecurity.rest.RestTokenValidationFilter.doFilter(RestTokenValidationFilter.groovy:75)
    grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:139)
    grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:53)
    grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
    grails.plugin.springsecurity.rest.RestLogoutFilter.doFilter(RestLogoutFilter.groovy:80)
    com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    java.lang.Thread.run(Thread.java:745)
root cause
net.spy.memcached.internal.CheckedOperationTimeoutException: Timed out waiting for operation - failing node: localhost/127.0.0.1:11211
    net.spy.memcached.internal.OperationFuture.get(OperationFuture.java:167)
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1168)
    net.spy.memcached.MemcachedClient.getAndTouch(MemcachedClient.java:1196)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.findExistingUserDetails(MemcachedTokenStorageService.groovy:64)
    grails.plugin.springsecurity.rest.token.storage.MemcachedTokenStorageService.loadUserByToken(MemcachedTokenStorageService.groovy:37)
    grails.plugin.springsecurity.rest.RestAuthenticationProvider.authenticate(RestAuthenticationProvider.groovy:55)
    grails.plugin.springsecurity.rest.RestTokenValidationFilter.doFilter(RestTokenValidationFilter.groovy:75)
    grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    grails.plugin.springsecurity.rest.RestAuthenticationFilter.doFilter(RestAuthenticationFilter.groovy:139)
    grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:53)
    grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
    grails.plugin.springsecurity.rest.RestLogoutFilter.doFilter(RestLogoutFilter.groovy:80)
    com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    java.lang.Thread.run(Thread.java:745)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.52 logs.
```
The correct way is to use:

```
curl -X GET -i -H "Authorization: Bearer 6mp70e1h702ig5lp5l4j2dlbdbh5aiip" -H "Accept: application/json" http://localhost:8080/restful-grails-springsecurity-greach2014/categories
```
The exception was thrown because I was not running memcached locally. Fortunately, Ubuntu had one in its repo, and I simply had to use `apt-get install memcached` and `sudo service memcached start`. Everything worked fine.
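An added example, not part of the original post or the plugin: a POSIX shell helper that tells apart the two failures shown above, the 302 redirect to `login/auth` and the 500 caused by the memcached timeout, from a captured `curl -i` response. The function names and result labels are hypothetical, the sample responses are abridged from the question, and `nc` is assumed to be installed for the port probe.

```shell
#!/bin/sh
# Added example: triage a captured `curl -i` response from the token-protected API.
# Result labels are this example's own names, not plugin output.

classify_response() {
    # Reads the whole response (status line, headers, body) from stdin.
    resp=$(cat)
    status=$(printf '%s\n' "$resp" | sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
    case "$status" in
        2??) echo "ok" ;;
        302)
            # Redirect to the form-login page: the request was handled as unauthenticated.
            if printf '%s\n' "$resp" | grep -qi '^Location:.*/login/auth'; then
                echo "redirected-to-login"
            else
                echo "other-redirect"
            fi ;;
        401|403) echo "token-rejected" ;;
        500)
            # A memcached client timeout in the body points at the token store, not the token.
            if printf '%s\n' "$resp" | grep -q 'net\.spy\.memcached.*Timeout'; then
                echo "token-store-unreachable"
            else
                echo "server-error"
            fi ;;
        *) echo "unknown" ;;
    esac
}

token_store_reachable() {
    # Probe the memcached port named in the stack trace (localhost:11211 by default).
    # Returns non-zero if nothing is listening or if nc is missing.
    nc -z -w 2 "${1:-localhost}" "${2:-11211}" >/dev/null 2>&1
}

# Sample responses, abridged from the ones in the question.
SAMPLE_302='HTTP/1.1 302 Found
Location: http://localhost:8080/restful-grails-springsecurity-greach2014/login/auth
Content-Length: 0'

SAMPLE_500='HTTP/1.1 500 Internal Server Error
Content-Type: text/html;charset=utf-8

net.spy.memcached.OperationTimeoutException: Timeout waiting for value'

printf '%s\n' "$SAMPLE_302" | classify_response
printf '%s\n' "$SAMPLE_500" | classify_response
```

On a live setup, pipe `curl -s -i ...` into `classify_response`, and run `token_store_reachable` first to confirm memcached is listening before blaming the token.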