Java, JavaFX, Groovy, Grails …
Posts tagged groovy
Exploring Groovy / Grails and Spring Security….
Apr 14th
Having worked with Java/JSP/Servlet and EJB 2.0/3.0 technology in the past….and more recently GWT and Spring… I really wish to have not waited so long to embrace Groovy and Grails for all of its awesome-ness. With many thanks to all the “Giants” in the Groovy Grails biz, I was able to get a security based demo app up and running in no time flat. For the uninitiated, I present a intro to Acegi / Spring Security integration (including support for HTTPS with the ChannelProcessingFilter thanks to stainlesscode) within a Grails app. This quick-start will be presented in the context of using Netbeans 6.8 IDE with the Groovy Grails plugin instead of the very popular grails command line functionality. Please click on the images to enlarge their view. The steps are:
- Complete a Grails install
- Review this excellent blog post regarding security configuration
- Configure Grails within Netbeans ->Tools->Options->Misc–>Groovy Tab
- Create a new Grails project with Netbeans dialog.
- Right click on the newly created project folder and choosing “Grails Plugin”->”New plugins”->”Acegi–>Install” you will get the latest spring security stack (Acegi 0.5.2 == Spring Security).
- Right click the project folder again select the “Run Grails Command”
- Type “create-auth-domain” in the text box to automagically create the auth domain
- Run the additional grails command “generate-manager”
- Run the additional grails command “generate-all” and type ”Person” at the command prompt within netbeans (see next image and you may be prompted to overwrite which is ok)
- Run the additional grails command “generate-all” and type “Requestmap” at the command prompt (if prompted to overwrite say yes)
- Run the additional grails command “generate-all” and type “Authority” at the command prompt
- Edit the Bootstrap.groovy file under the projects configuration folder to create instances of ”Authorities” and “Persons”
class BootStrap {
def authenticateService
def init = { servletContext ->
//Adding Roles
def roleAdmin = new Authority(authority:'ROLE_ADMIN', description:'App admin').save()
def roleUser = new Authority(authority:'ROLE_USER', description:'App user').save()
//Adding Users
def userGod = new Person(username:'god',
userRealName:'god almighty',
enabled: true,
emailShow: true,
email: 'god@grailsapp.com',
passwd: authenticateService.encodePassword("god") )
def userSlave = new Person(username:'slave',
userRealName:'poor slave',
enabled: true,
emailShow: true,
email: 'slave@grailsapp.com',
passwd:authenticateService.encodePassword("slave") )
def secureUserEdit = new Requestmap(url: '/person/edit', configAttribute:'ROLE_ADMIN').save()
def secureUserSave = new Requestmap(url: '/person/save', configAttribute:'ROLE_ADMIN').save()
def secureUserCreate = new Requestmap(url: '/person/create', configAttribute:'ROLE_ADMIN,ROLE_USER').save()
def secureUserList = new Requestmap(url: '/person/list', configAttribute:'ROLE_USER,ROLE_ADMIN').save()
def baseUrl = new Requestmap(url: '/', configAttribute:'ROLE_USER,ROLE_ADMIN').save()
roleAdmin.addToPeople(userGod)
roleUser.addToPeople(userGod)
roleUser.addToPeople(userSlave)
}
def destroy = {
}
}The code above was originally posted here.
- Run the grails command “install templates”
- Change the netbeans view to the Files tab
- Navigate to the web.xml file in the src/template/war folder
- Add the following filter to your web.xml
</filter>
<filter>
<filter-name>Acegi Channel Processing Filter</filter-name>
<filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.springframework.security.securechannel.ChannelProcessingFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Channel Processing Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>The code above was originally posted here
- Add the following code to your resources.groovy file under configuration/spring/resources.groovy to configure the required beans.
- At this time if you attempt to run the application with the netbeans “Run Main Project (F6)” button you will see that all requests are now intercepted and transferred to the https channel
- Almost there…last major step is to instruct the built in Jetty server to utilize port 8443
- First stop the running server by right clicking the currently running application
- Run the grails command “run-app –https” which opens port 8443
- You will then be warned by the browser that the Jetty configured certificates are not recognized
- Proceed and you will be directed to the login page
- Because we configured some default users titled “God” and “Slave” in the bootstrap we are able to login.
- Success!
- At this time if you attempt to run the application with the netbeans “Run Main Project (F6)” button you will see that all requests are now intercepted and transferred to the https channel
import org.springframework.security.securechannel.ChannelProcessingFilter
import org.springframework.security.securechannel.ChannelDecisionManagerImpl
import org.springframework.security.securechannel.SecureChannelProcessor
import org.springframework.security.securechannel.InsecureChannelProcessor
beans = {
secureChannelProcessor(SecureChannelProcessor)
insecureChannelProcessor(InsecureChannelProcessor)
channelDecisionManager(ChannelDecisionManagerImpl) {
channelProcessors = [secureChannelProcessor, insecureChannelProcessor]
}
channelProcessingFilter(ChannelProcessingFilter) {
channelDecisionManager=channelDecisionManager
filterInvocationDefinitionSource='''
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login/**=REQUIRES_SECURE_CHANNEL
/logout/**=REQUIRES_INSECURE_CHANNEL
/person/**=REQUIRES_SECURE_CHANNEL
/=REQUIRES_INSECURE_CHANNEL
'''
}
}The code above was originally posted here
Once again, please review the links I have listed above and many thanks to the Grails community!
Project code hosted here on GitHub
![[FSF Associate Member]](http://images.ericwarriner.com/fsf/fsf.png){kind=small}
