Grails(16)Secure the REST API-Basic Auth

Grails(16)Secure the REST API-Basic Auth
Here are my configuration in Config.groovy
// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.sillycat.project.security.BrandUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.sillycat.project.security.BrandUserSecurityRole'
grails.plugins.springsecurity.authority.className = 'com.sillycat.project.security.SecurityRole'
grails.plugins.springsecurity.userLookup.usernamePropertyName = 'email'

//Enable Basic Auth Filter
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "sillycat"

//Exclude normal controllers from basic auth filter. Just the JSON API is included
grails.plugins.springsecurity.filterChain.chainMap = [
'/location/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
'/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter'
]

grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
  '/css/**':    ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/common.css':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/favicon.ico': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/js/**':   ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/login/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/register/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/error/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
  //'/location/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
  '/**':      ['IS_AUTHENTICATED_REMEMBERED']
]

Here I have 2 kind of configurations now, 1 is for page secure, the other is basic auth, it is for the api part.

Beside the Controller REST API action, there is a annotation
@Secured(["ROLE_USER"])

My test case will be like this to send the basic auth from the header
@Test
publicvoid testGetSuccessswithServer(){
     def client = new RESTClient("http://localhost:8080")
     client.auth.basic 'username', 'password'
     defresponse = client.get(path: "location/1")
     System.out.println(response.status)
     System.out.println(response.data)
}


Or I can use POSTMAN to verify my API. There is a tab menu named Basic Auth, just put the user name and password.

The basic authority can work alone, but they can not work together.

References:
http://grails-plugins.github.com/grails-spring-security-core/docs/manual/

http://dead-knight.iteye.com/blog/1520080