Java, JavaFX, Groovy, Grails …
Grails Groovy
New Grails Spring Security Core Plugin
May 8th
Not to be confused with my prior post based on the Acegi plugin… the Spring/Grails folks (more specifically Burt Beckwith) have released a new Spring Security Core Plugin. As per the docs, the plugin greatly simplifies the work of getting Spring Security 3 to work within Grails… and I for one very much agree.
Similar to my last post where I used the Acegi plugin, I will list the actions one must take to get a trivial Grails-based app going with the new Spring Security Core plugin. These steps are very much right from the docs, with only a few exceptions:
- HTTPS Channel Security support (similar to my last post) will be added.
- Netbeans IDE will be used instead of the command line (as much as possible).
Let’s get started:
- Set up grails within Netbeans and create a new project as described in my initial post.
- Download the new Spring Security Core Plugin as it is currently not in the default plugin list.
- Manually install the plugin using the Netbeans interface by right clicking the project and selecting the “Grails Plugins…” command then click on the “New Plugins” tab as shown below.

- Once you have provided the plugin path, press the “Install” button.
- Next you will want to run the “s2-quickstart” command with “User” and “Role” as parameters. I was unable to get Netbeans to properly run this command so I resorted to using the command line.

- The script creates the “User”, “Role” and “UserRole” domain classes as well as the required controllers.
- As per the tutorial, create a controller that must be secured for testing purposes by running the “create-controller” command and “Secured” as the name parameter.

- Modify the controller to render some output and secure it to the Role of “Admin”.
    package springsecuritycore

    import grails.plugins.springsecurity.Secured

    class SecuredController {

        @Secured(['ROLE_ADMIN'])
        def index = {
            render 'Secure access only'
        }
    }
- Modify the Bootstrap.groovy file to add a default user.
    import com.test.Role
    import com.test.User
    import com.test.UserRole

    class BootStrap {

        def springSecurityService

        def init = { servletContext ->
            // Create the two roles used by the demo
            def adminRole = new Role(authority: 'ROLE_ADMIN').save(flush: true)
            def userRole = new Role(authority: 'ROLE_USER').save(flush: true)

            // Demo-only account with a trivial password; replace it before any real deployment
            String password = springSecurityService.encodePassword('password')
            def testUser = new User(username: 'me', enabled: true, password: password)
            testUser.save(flush: true)

            // Grant ROLE_ADMIN to the test user
            UserRole.create testUser, adminRole, true

            assert User.count() == 1
            assert Role.count() == 2
            assert UserRole.count() == 1
        }
    }
- At this point, if you run the application and attempt to access the “SecuredController”, you will be prompted by the default login page for the username “me” and password “password”, as configured in the Bootstrap.groovy file.
- To configure Channel Security for HTTPS support, add the following code to your Config.groovy file:
    grails.plugins.springsecurity.secureChannel.definition = [
        '/login/**': 'REQUIRES_SECURE_CHANNEL'
    ]
- Now run the “run-app” command with the “-https” flag and you will find that HTTPS channel security is configured to run on the “login” URL.

- That is pretty much everything… and please keep in mind that if you are using the Postgres database, the domain class “User” will conflict with Postgres (which has a table defined as “User”) and must be mapped to a different table (see this post and response by Burt Beckwith on the Grails forum).
- Hope this was helpful to someone and many thanks to the grails community and the plugin creator.
Project code is found on Github here.
Exploring Groovy / Grails and Spring Security….
Apr 14th
Having worked with Java/JSP/Servlet and EJB 2.0/3.0 technology in the past… and more recently GWT and Spring… I really wish I had not waited so long to embrace Groovy and Grails for all of its awesome-ness. With many thanks to all the “Giants” in the Groovy Grails biz, I was able to get a security based demo app up and running in no time flat. For the uninitiated, I present an intro to Acegi / Spring Security integration (including support for HTTPS with the ChannelProcessingFilter thanks to stainlesscode) within a Grails app. This quick-start will be presented in the context of using Netbeans 6.8 IDE with the Groovy Grails plugin instead of the very popular grails command line functionality. The steps are:
- Complete a Grails install
- Review this excellent blog post regarding security configuration
- Configure Grails within Netbeans -> Tools -> Options -> Misc -> Groovy tab

- Create a new Grails project with Netbeans dialog.

- Right click on the newly created project folder and choose “Grails Plugin” -> “New plugins” -> “Acegi” -> “Install”; you will get the latest Spring Security stack (Acegi 0.5.2 == Spring Security).

- Right click the project folder again select the “Run Grails Command”

- Type “create-auth-domain” in the text box to automagically create the auth domain

- Run the additional grails command “generate-manager”
- Run the additional grails command “generate-all” and type “Person” at the command prompt within Netbeans (see next image; you may be prompted to overwrite, which is ok)
- Run the additional grails command “generate-all” and type “Requestmap” at the command prompt (if prompted to overwrite, say yes)

- Run the additional grails command “generate-all” and type “Authority” at the command prompt
- Edit the Bootstrap.groovy file under the project's configuration folder to create instances of “Authorities” and “Persons”

    class BootStrap {
        def authenticateService
        def init = { servletContext ->
            //Adding Roles
            def roleAdmin = new Authority(authority:'ROLE_ADMIN', description:'App admin').save()
            def roleUser = new Authority(authority:'ROLE_USER', description:'App user').save()
            //Adding Users
            def userGod = new Person(username:'god',
                userRealName:'god almighty',
                enabled: true,
                emailShow: true,
                email: 'god@grailsapp.com',
                passwd: authenticateService.encodePassword("god") )
            def userSlave = new Person(username:'slave',
                userRealName:'poor slave',
                enabled: true,
                emailShow: true,
                email: 'slave@grailsapp.com',
                passwd:authenticateService.encodePassword("slave") )
            def secureUserEdit = new Requestmap(url: '/person/edit', configAttribute:'ROLE_ADMIN').save()
            def secureUserSave = new Requestmap(url: '/person/save', configAttribute:'ROLE_ADMIN').save()
            def secureUserCreate = new Requestmap(url: '/person/create', configAttribute:'ROLE_ADMIN,ROLE_USER').save()
            def secureUserList = new Requestmap(url: '/person/list', configAttribute:'ROLE_USER,ROLE_ADMIN').save()
            def baseUrl = new Requestmap(url: '/', configAttribute:'ROLE_USER,ROLE_ADMIN').save()
            roleAdmin.addToPeople(userGod)
            roleUser.addToPeople(userGod)
            roleUser.addToPeople(userSlave)
        }
        def destroy = {
        }
    }
The code above was originally posted here.
- Run the grails command “install-templates”
- Change the netbeans view to the Files tab

- Navigate to the web.xml file in the src/templates/war folder
- Add the following filter to your web.xml
    </filter>
    <filter>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>org.springframework.security.securechannel.ChannelProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
The code above was originally posted here.
- Add the resources.groovy code (listed at the end of this post) to your resources.groovy file under configuration/spring/resources.groovy to configure the required beans.
- At this time if you attempt to run the application with the netbeans “Run Main Project (F6)” button you will see that all requests are now intercepted and transferred to the https channel

- Almost there… the last major step is to instruct the built-in Jetty server to utilize port 8443
- First stop the running server by right clicking the currently running application

- Run the grails command “run-app -https” which opens port 8443

- You will then be warned by the browser that the Jetty configured certificates are not recognized

- Proceed and you will be directed to the login page

- Because we configured some default users titled “God” and “Slave” in the bootstrap we are able to login.

- Success!
The resources.groovy code referred to in the steps above:
    import org.springframework.security.securechannel.ChannelProcessingFilter
    import org.springframework.security.securechannel.ChannelDecisionManagerImpl
    import org.springframework.security.securechannel.SecureChannelProcessor
    import org.springframework.security.securechannel.InsecureChannelProcessor

    beans = {
        secureChannelProcessor(SecureChannelProcessor)
        insecureChannelProcessor(InsecureChannelProcessor)
        channelDecisionManager(ChannelDecisionManagerImpl) {
            channelProcessors = [secureChannelProcessor, insecureChannelProcessor]
        }
        channelProcessingFilter(ChannelProcessingFilter) {
            channelDecisionManager=channelDecisionManager
            filterInvocationDefinitionSource='''
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /login/**=REQUIRES_SECURE_CHANNEL
    /logout/**=REQUIRES_INSECURE_CHANNEL
    /person/**=REQUIRES_SECURE_CHANNEL
    /=REQUIRES_INSECURE_CHANNEL
    '''
        }
    }
The code above was originally posted here.
Once again, please review the links I have listed above and many thanks to the Grails community!
Project code hosted here on GitHub
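
The channel rules from both posts, checked against sample URLs to see which requests are actually forced onto HTTPS. This is an added example, not code from the original posts, the plugins or the linked projects. It uses a simplified Ant-pattern matcher (an assumption, not Spring's own matcher), and the sample URLs are constructed from the controllers created in the steps above.

```groovy
// Added example: which URLs do the channel rules quoted in the two posts cover?
// Assumption: simplified Ant matching, not Spring's own matcher. '**' spans path
// segments, '*' and '?' stay in one segment, a trailing '/**' also matches the prefix.
import java.util.regex.Pattern

def antToRegex = { String ant ->
    boolean tail = ant.endsWith('/**')
    def body = tail ? ant.substring(0, ant.length() - 3) : ant
    def rx = body.split('\\*\\*', -1).collect { part ->
        part.split('\\*', -1).collect { seg ->
            seg.split('\\?', -1).collect { Pattern.quote(it) }.join('[^/]')
        }.join('[^/]*')
    }.join('.*')
    tail ? rx + '(/.*)?' : rx
}

// Rules from the second post (Acegi filterInvocationDefinitionSource string)
def acegi = '''
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login/**=REQUIRES_SECURE_CHANNEL
/logout/**=REQUIRES_INSECURE_CHANNEL
/person/**=REQUIRES_SECURE_CHANNEL
/=REQUIRES_INSECURE_CHANNEL
'''.readLines()*.trim().findAll { it }
boolean lower = 'CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON' in acegi
def acegiRules = acegi.findAll { it.contains('=') }
                      .collectEntries { it.split('=', 2).toList() }

// Rules from the first post (secureChannel.definition map in Config.groovy)
def coreRules = ['/login/**': 'REQUIRES_SECURE_CHANNEL']

// First matching pattern wins; no match leaves the request on its current channel.
def channelFor = { Map rules, String url, boolean lowercase ->
    def path = url.split('\\?', 2)[0]          // ignore any query string
    if (lowercase) path = path.toLowerCase()
    def hit = rules.find { pattern, channel -> path ==~ antToRegex(pattern) }
    hit ? hit.value : 'no rule (any channel)'
}

// Constructed sample URLs, based on the controllers created in the two posts
['/login/auth', '/secured', '/person/list', '/Person/Edit/1',
 '/authority/list', '/requestmap/list', '/logout', '/'].each { url ->
    println "${url.padRight(18)} core: ${channelFor(coreRules, url, false).padRight(24)} " +
            "acegi: ${channelFor(acegiRules, url, lower)}"
}
```

URLs that match no rule are served on whichever channel the request arrives on, so pages behind the login can still travel over plain HTTP. To keep every page of the first post's app on HTTPS, a single `'/**': 'REQUIRES_SECURE_CHANNEL'` entry in `secureChannel.definition` covers all URLs.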