For my current Grails project I use the Spring Security Plugin (formerly Acegi Security) to secure my views and services. A tutorial at the Grails site gives a great overview of how to install the Grails plugin.
Right after installation I faced some issues:
Secure Your REST Services
This sounds quite easy thanks to a simple switch in SecurityConfig.groovy: just activate the BasicProcessingFilter. Grails then uses HTTP Basic Authentication. Basic authentication only Base64-encodes the user name and password, so the service should be served over HTTPS.

    /** use basicProcessingFilter */
    basicProcessingFilter = true

On the client side the code would look like this:

    import groovy.util.XmlSlurper

    def userid = "john.doe"
    def password = "pass"
    def url = "http://localhost:8080/CandyStreamServer/rest/gps/"

    def conn = new URL(url).openConnection()
    if (userid && password) {
        println "set authorization"
        // add HTTP Basic authentication: Base64 of "userid:password"
        // (Groovy's encodeBase64() replaces the JDK-internal sun.misc.BASE64Encoder)
        String encodedAuth = (userid + ":" + password).getBytes("UTF-8").encodeBase64().toString()
        conn.setRequestProperty("Authorization", "Basic " + encodedAuth)
    }

    def slurper = new XmlSlurper()
    conn.requestMethod = "GET"
    conn.doOutput = true

    println "check connection"
    def response
    if (conn.responseCode == HttpURLConnection.HTTP_OK) {
        // parse the XML body returned by the REST service
        conn.inputStream.withStream { response = slurper.parse(it) }
    } else {
        // on failure, report the HTTP status code instead
        response = conn.responseCode
    }
    println response
    conn.disconnect()
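
The header the client above sends can be reversed by anyone who sees it, which is why Basic authentication needs HTTPS. The following is an added example, not part of the original post: it builds the header value and parses it back the way a receiving server would. The helper names buildBasicHeader and parseBasicHeader are hypothetical and the credentials are constructed sample values.

```groovy
// Added example: build and parse an HTTP Basic "Authorization" header value.
// buildBasicHeader / parseBasicHeader are hypothetical helper names.

String buildBasicHeader(String user, String password) {
    // RFC 7617: the user-id must not contain ':', the password may
    if (user.contains(':')) {
        throw new IllegalArgumentException("user-id must not contain ':'")
    }
    byte[] raw = (user + ':' + password).getBytes('UTF-8')
    return 'Basic ' + Base64.getEncoder().encodeToString(raw)
}

/** Returns [user: ..., password: ...], or null if the value is not valid Basic auth. */
Map parseBasicHeader(String header) {
    if (!header) return null
    def parts = header.trim().split(/\s+/, 2)
    // the scheme name is case-insensitive
    if (parts.size() != 2 || !parts[0].equalsIgnoreCase('Basic')) return null
    String decoded
    try {
        decoded = new String(Base64.getDecoder().decode(parts[1]), 'UTF-8')
    } catch (IllegalArgumentException e) {
        return null // not valid Base64
    }
    // split on the FIRST colon only, so passwords containing ':' survive
    int sep = decoded.indexOf(':')
    if (sep < 0) return null
    return [user: decoded.substring(0, sep), password: decoded.substring(sep + 1)]
}

// Constructed sample credentials (not real accounts)
def header = buildBasicHeader('john.doe', 'pa:ss')
println header

// No key is involved: decoding the header yields the clear-text password
assert parseBasicHeader(header) == [user: 'john.doe', password: 'pa:ss']

// Malformed or non-Basic values are rejected rather than half-parsed
assert parseBasicHeader('Bearer abc') == null
assert parseBasicHeader('Basic !!!') == null
assert parseBasicHeader(null) == null
```
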
Retrieve the Current User
On the server side it may be necessary to retrieve the current user. Spring Security offers a SecurityContextHolder for this. Unfortunately, securityContext.getAuthentication().getPrincipal() does not return the Groovy user object. Instead, the Spring Security Plugin uses its own user implementation that holds the Groovy user object. This is required due to Spring's dependency on a specific interface.
The plugin provides an org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser interface that extends the org.springframework.security.userdetails.UserDetails interface. To retrieve your Groovy user object, just call getDomainClass().

    import org.springframework.security.context.SecurityContext
    import org.springframework.security.context.SecurityContextHolder

    // inside a service or controller method:
    SecurityContext securityContext = SecurityContextHolder.getContext()
    // the principal is the plugin's GrailsUser wrapper, not the domain object
    def springUser = securityContext.getAuthentication().getPrincipal()
    // unwrap the Groovy user object
    return springUser.getDomainClass()

Tags: Acegi Security, Grails, Groovy, Spring Security
October 12th, 2008 at 5:56 pm
Hey Chris,
I was wondering if you have tried deploying your app to a Tomcat server. My app deploys fine to Tomcat server 5.5, but when I load my app with Acegi security the deployment fails. Any ideas?
October 13th, 2008 at 3:36 pm
Hey Daniel,
I am going to deploy my app to the Glassfish Application Server by next week. I haven’t tried the Tomcat server yet. Have you set up the database properly? What kind of error do you get? Grails uses different configurations for test and production deployment. May this be the error?