acidum.de » Spring Security http://www.acidum.de Sun, 08 Nov 2009 20:12:26 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Grails Spring Security http://www.acidum.de/2008/10/08/grails-spring-security/ http://www.acidum.de/2008/10/08/grails-spring-security/#comments Wed, 08 Oct 2008 13:13:35 +0000 Christoph Hartmann http://www.acidum.de/?p=160 For my current grails project I use the Spring Security Plugin (formerly Acegi Security) to secure my views and services. A tutorial at the Grails site gives a great overview how to install the grails plugin.

Right after installation I faced some issues:

Secure your Rest Services

This sounds quite easy due to a simple switch within the SecurityConfig.groovy. Just activate the BasicProcessingFilter. Now grails uses the Http Basic Authentification.

/** use basicProcessingFilter */
basicProcessingFilter = true

At the client side the code would like:

import sun.misc.BASE64Encoder
import groovy.util.XmlSlurper
 
def userid = "john.doe"
def password = "pass"
 
def url = "http://localhost:8080/CandyStreamServer/rest/gps/"
 
def conn = new URL(url).openConnection()
 
if (userid && password) {
	println "set authorization"
 
	// add HTTP authentication
       String encodedAuth = new BASE64Encoder().encode((userid + ":" + password).getBytes()) 
 
	conn.setRequestProperty("Authorization", "Basic " + encodedAuth)
}
 
def slurper = new XmlSlurper()
 
conn.requestMethod = "GET"
conn.doOutput = true
 
println "check connection"
def response
if (conn.responseCode == conn.HTTP_OK) {
	conn.inputStream.withStream {
		response = slurper.parse(it)
	}
} else {
	response = conn.responseCod
}
println response
conn.disconnect()

Retrieve the Current User

On the server side it may necessary to retrieve the current user. Spring Security offers a SecurityContextHolder. Unfortunately the securityContext.getAuthentication().getPrincipal(); does not return the Groovy user object. Instead the Spring Security Plugin uses its own user implementation that holds the Groovy user object. This is required due to Springs dependency on a specific interface.

The plugin provides a org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser interface that extends the org.springframework.security.userdetails.UserDetails interface. To retrieve your Groovy user object just call getDomainClass()

SecurityContext securityContext = SecurityContextHolder.getContext();
def springUser = securityContext.getAuthentication().getPrincipal();
return springUser.getDomainClass()
]]> http://www.acidum.de/2008/10/08/grails-spring-security/feed/ 2