My web application created using Grails 2.4.4 with shiro:1.2.1 and it's working fine. In my application I've created one user with limited permissions called xyzUser.
Now I've a domain, username, password of the active directory. And my requirement is to allow the request from the same and bypass login page and provide all the access of xyzUser.
For that I've tried
org.grails.plugins:ldap:0.8.2
plugins and add following configuration in config.groovy (https://grails.org/plugin/ldap)
ldap {
directories {
directory1 {
url = "ldap://demo.myDomain.in"
base = "ou=demo,dc=myDomain.in"
userDn = "uid=Username,ou=demo,dc=myDomain.in"
password = "Password"
searchControls {
countLimit = 40
timeLimit = 600
searchScope = "subtree"
}
}
}
typemappings = [
my.app.MyTypeMappings
]
}
Now I can't understand that what to do next to fulfill my requirements...
Related
I am new to Grails and I am working on an exisiting application. I am trying to force the anyone using our website to allways be on https. I added the Spring Security Core plugin
//BuildConfig.groovy
compile "org.grails.plugins:spring-security-core:2.0.0"
and I just added
///Config.groovy
grails.plugin.springsecurity.secureChannel.definition = [
'/**': 'REQUIRES_SECURE_CHANNEL'
When I try to go on localhost:8080/myapp, it redirects me to https://localhost:8443/myapp, but I get a "This webpage has a redirect loop ERR_TOO_MANY_REDIRECTS" message.
I added print statements in my SecurityFilters.groovy, and I can see the infinite loop going
baseFilter(controller: "*", action: "*")
{
before = {
println "baseFilter"
// If auth controller then ok to continue
if (controllerName.equals("auth"))
{
return true;
}
// If no subject (user) and not auth controller then user must authenticate
if (!session.subject && !(controllerName.equals("auth")))
{
params.targetUri = request.forwardURI - request.contextPath
if (params.action=="profile") {
params.targetUri=params.targetUri + "?page=" + params?.page
}
else if (params.action=="results") {
params.targetUri="/home"
}
println "baseFilter: Redirecting: PARAMS = $params"
redirect(controller:'auth', action:'login', params: params)
return false;
}
}
}
It's just:
baseFilter
baseFilter: Redirecting: PARAMS = [action:auth, format:null, controller:login, targetUri:/login/auth]
Over and over.
I've tried many other things I found on Stackoverflow and other websites, but they either do not work, or are too complicated.
Thank you.
Ok, so this isn't the answer to the question, but I managed to achieve what I was trying to do, which was to force SLL, and redirect any attempts to use http. I did this by using the shiro plugin, which was already being used by my application. In the Buildconfig.groovy, just add compile ":shiro:1.2.1" to you plugins. In the config.groovy I added the following properties:
security {
shiro {
filter {
loginUrl = "/login"
successUrl = "/"
unauthorizedUrl = "/unauthorized"
filterChainDefinitions = """
/** = ssl[443]
"""
}
}
}
You can modify your filterChainDefinitions to only force ssl on certain urls. I just used /** because I always want SSL.
We are using grails 2.3.5 app with mongodb (no hibernate installed). I had forked & modified grails database session plugin with HQL queries to use simple queries so as to support mongodb.
Then when I'm trying to login via ajax, it fails. By fail, I mean that, session in created & persisted to the database but not able to login. When I enabled to logs, I saw cookies is present in the request path /j_spring_security_check after authentication but is not available after redirect i.e. in path /login/ajaxSuccess which causing authentication to be treated as false & a new session is created.
Our URL mapping config looks like this: (Does not matters)
"/$controller/$action?/$id?(.$format)?" {
constraints {
}
}
"/v2/$customController/action/$customAction" {
controller = {
return params.customController?.toUpperCamelCase()
}
action = {
return params.customAction?.toUpperCamelCase()
}
}
"/v2/$resource/$resourceId?/$subResource?/$subResourceId?" {
controller = {
if (params.subResource) {
return params.subResource.toUpperCamelCase()
}
return params.resource.toUpperCamelCase()
}
action = {
Map actionMethodMap = [GET: params.resourceId ? "show" : "index", POST: "save", PUT: "update", DELETE: "delete"]
return actionMethodMap[request.method.toUpperCase()]
}
id = {
if (params.subResource && params.subResourceId) {
return params.subResourceId
}
return params.resourceId
}
}
Our configuration looks like this for spring security:
grails.plugins.springsecurity.authority.className = 'com.test.Role'
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.test.User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.test.UserRole'
grails.plugins.springsecurity.useSessionFixationPrevention = true
//grails.plugins.springsecurity.redirectStrategy.contextRelative = true
grails.plugins.springsecurity.successHandler.defaultTargetUrl = "/app/ng/index.html"
grails.plugins.springsecurity.auth.loginFormUrl = "/app/ng/index.html#/auth/signin"
grails.plugins.springsecurity.auth.ajaxLoginFormUrl = "/v2/login/action/auth-ajax"
grails.plugins.springsecurity.ui.encodePassword = false
grails.plugins.springsecurity.controllerAnnotations.staticRules = [
'/j_spring_security_switch_user': ['ROLE_ADMIN'],
'/ck/standard/filemanager': ['ROLE_ADMIN'],
'/ck/standard/uploader': ['ROLE_ADMIN'],
'/ck/ofm/filemanager': ['ROLE_ADMIN'],
'/ck/ofm/filetree': ['ROLE_ADMIN'],
'/quartz/**': ["ROLE_ADMIN"],
'/**' : ['IS_AUTHENTICATED_ANONYMOUSLY']
]
Other than this, grails.serverURL config is commented for all environments to support wildcard subdomain.
Using:
Spring Security Core plugin version 1.2.7.3
Cookie plugin version 0.51
Webxml plugin version 1.4.1
Mongodb plugin version 2.0.1
using Grails 2.3.8 and
plugins {
compile ':spring-security-core:2.0-RC2'
compile ':spring-security-oauth:2.0.2'
compile ':spring-security-oauth-facebook:0.1'
compile ':spring-security-oauth-google:0.1'
}
and the default providers setup:
oauth{
providers{
facebook{
api = org.scribe.builder.api.FacebookApi
key = '11111'
secret = '222222'
successUri = "http://localhost:8880/oauth/facebook/success"
failureUri = "http://localhost:8880/oauth/facebook/error"
callback = "http://localhost:8880/oauth/facebook/callback"
scope = 'email'
}
}
As I understood, I have to use the absolute URL's for callbacks. That is a problem, as my app is mapped to several domains, like myapp.com, myapp.de, myapp.ru etc.
Is it possible out of the box to provide the callback URL's for each domain?
TIA
so, I figured it out!
the solution contains a bit of ugliness, but works like charm:
in my Config I had to change the providers so, that the server name is reflected in provider name and callback-URLs:
oauth{
providers{
facebook{
api = org.scribe.builder.api.FacebookApi
key = '11111'
secret = '22222222'
scope = 'email'
}
'facebook_localhost'{
api = org.scribe.builder.api.FacebookApi
key = '111111'
secret = '222222222'
successUri = "http://localhost:8880/oauth/facebook_localhost/success"
failureUri = "http://localhost:8880/oauth/facebook_localhost/error"
callback = "http://localhost:8880/oauth/facebook_localhost/callback"
scope = 'email'
}
'facebook_wwwmysitenet'{
api = org.scribe.builder.api.FacebookApi
key = '9999999'
secret = '888888888888'
successUri = "http://www.mesite.net/oauth/facebook_wwwmesitenet/success"
failureUri = "http://www.mesite.net/oauth/facebook_wwwmesitenet/error"
callback = "http://www.mesite.net/oauth/facebook_wwwmesitenet/callback"
scope = 'email'
}
}
}
to make processing easier, I remove the dots from the server name.
The same I made for google.
I am trying to send an email from a grails app. I tried with recommended settings using gmail and it worked fine. I sent mail successfully. But I want to override the username and password dynamically. I don't know how can I do it. Can anybody help?
grails {
mail {
host = "smtp.gmail.com"
port = 465
username = "faruq#gmail.com" // Want to change dynamically like variable ${branch.mail}
password = "12345" // Want to change dynamically like variable ${branch.pass}
props = [
"mail.smtp.auth":"true",
"mail.smtp.socketFactory.port":"465",
"mail.smtp.socketFactory.class":"javax.net.ssl.SSLSocketFactory",
"mail.smtp.socketFactory.fallback":"false"
]
}
}
I use this process for overriding the username from the controller
grailsApplication.config.grails.mail.username = Branch.get(2).mail
by this process username successfully changes
here Branch is my domain class and mail is property
but an authentication problem comes up:
javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted
Now what can I do?
You can use an external configuration file - put placeholder values in the main Config.groovy
grails {
mail {
host = "smtp.gmail.com"
port = 465
username = "<changeme>"
password = "<changeme>"
props = [
"mail.smtp.auth":"true",
"mail.smtp.socketFactory.port":"465",
"mail.smtp.socketFactory.class":"javax.net.ssl.SSLSocketFactory",
"mail.smtp.socketFactory.fallback":"false"
]
}
}
and then override them with the correct values in the external config:
grails {
mail {
username = "faruq#gmail.com"
password = "12345"
}
}
To be able to change the credentials dynamically at run time it gets rather more complicated. Under the covers the mail plugin creates a Spring bean which is an instance of JavaMailSenderImpl to handle the actual sending of emails, and this bean is configured by default with static settings from the config. But at runtime this class appears to call its own getUsername() and getPassword() every time it needs to send a message. So you could replace this bean with your own custom subclass of JavaMailSenderImpl that overrides these methods to pull the details from the request context (code example, not tested, and imports/error handling omitted):
src/groovy/com/example/RequestCredentialsMailSender.groovy
class RequestCredentialsMailSender extends JavaMailSenderImpl {
public String getUsername() {
return RequestContextHolder.requestAttributes?.currentRequest?.mailUsername ?: super.getUsername()
}
public String getPassword() {
return RequestContextHolder.requestAttributes?.currentRequest?.mailPassword ?: super.getPassword()
}
}
You'd have to register this bean in your resources.groovy, and duplicate a fair bit of the configuration from the mail plugin itself, which is less than ideal:
grails-app/conf/spring/resources.groovy
beans = {
mailSender(com.example.RequestCredentialsMailSender) {
def mailConf = application.config.grails.mail
host = mailConf.host
port = mailConf.port
username = mailConf.username // the default, if not set in request
password = mailConf.password
protocol = mailConf.protocol
javaMailProperties = mailConf.props
}
}
Now when you need to send mail from a controller you can do
request.mailUsername = Branch.get(2).mail
request.mailPassword = Branch.get(2).mailPassword
sendMail { ... }
Just wanted to verify Ian's answer and expand it.
In the default Config.groovy file I have the added external config line:
grails.config.locations = [
"file:./${appName}-config.groovy",
"classpath:${appName}-config.groovy"
]
....
// and here is the mail config as above
grails{
mail{
....
In the config file at the root level I have my config file: TestApp-config.groovy (where TestApp is the name of my app) as above:
grails {
mail {
username = "faruq#gmail.com"
password = "12345"
}
}
Didn't need anything past this and it worked great.
We can also use replyTo field if our aim is only to get the reply back on specific Email Id. We can dynamically pass an email id to "replyTo" field and can expect an email back on the same.
Example :
asynchronousMailService.sendMail
{
to ["xyz#gmail.com","pqr#gmail.com"]
subject "Subject Text"
if(ccs) cc ["xyz1#gmail.com","pqr1#gmail.com"]
if(bccs) bcc ["xyz2#gmail.com","pqr2#gmail.com"]
if(replyTo) replyTo "xyz#gmail.com"
if(attachBytes) attachBytes attachBytes
}
NOTE: Adding "replyTo" will only allow us to get the emails back on the specified email-id and will not send the email from the configured email.
It was suitable in my use case. Hope it helps !
I'm trying to set up the Mail plugin with my SES credentials, but I am obviously missing something because I keep getting this error:
Class: javax.mail.NoSuchProviderException
Message: No provider for aws
I've added the following to my Config.groovy:
grails {
mail {
host = "email-smtp.us-east-1.amazonaws.com"
port = 465
username = "XXXXXXXXX"
password = "YYYYYYYYY"
props = [
'mail.transport.protocol': 'aws',
'mail.aws.class': 'com.amazonaws.services.simpleemail.AWSJavaMailTransport',
'mail.aws.user': 'WWWWWWWWWWWW',
'mail.aws.password': 'ZZZZZZZZZZZ'
]
}
}
I've been looking through all the possible tutorials, half of them were from the time SES didn't support SMTP, thats why I have the class reference from the maven repo.
Does anyone know how I can configure this?
This is what I have been using successfully -
grails {
mail {
host = "email-smtp.us-east-1.amazonaws.com"
port = 587
username = "smtp user name"
password = "smtp password"
props = ["mail.smtp.starttls.enable":"true",
"mail.smtp.port":"587"]
}
}
Let me know if the above works