I would like to get started with a simple Grails app which allows my users to login through several openIDConnect providers like google.
So I started to add some dependencies to my project:
compile 'org.grails.plugins:spring-security-core:3.2.0'
compile 'org.grails.plugins:spring-security-oauth2:1.1.0'
compile 'org.grails.plugins:spring-security-oauth2-google:1.1.0'
and initialized spring-security via
grails s2-quickstart com.yourapp User Role
and oauth2 via
grails init-oauth2 com.yourapp User OAuthID
then I've added
static hasMany = [oAuthIDs: OAuthID]
to my User. In the application.yaml I've configured google as auth provider. The google setup seems to be ok - it is take from another project.
As a last step, I've added
<oauth2:connect provider="google" id="google-connect-link">Google</oauth2:connect>
Logged with google?
<oauth2:ifLoggedInWith provider="google">yes</oauth2:ifLoggedInWith>
<oauth2:ifNotLoggedInWith provider="google">no</oauth2:ifNotLoggedInWith>
to my index.gsp to able to invoke the login and see what is going on.
So far, so good. After successfull login with google, I am redirected to http://localhost:8080/oauth2/createaccount where I have to chose if I would like to create a new user or link to an existing one.
If I try to create a new one, it fails with
Class
java.lang.NullPointerException
Message
Request processing failed; nested exception is org.grails.gsp.GroovyPagesException: Error processing GroovyPageView: [views/index.gsp:60] Error executing tag <oauth2:ifLoggedInWith>: Cannot invoke method sessionKeyForAccessToken() on null object
Caused by
Cannot invoke method sessionKeyForAccessToken() on null object
(btw: you have to use a strong password in order to avoid another error message)
Grails V3.3.1 running on Windows 10
had to figure out that this is a bug in the grails-spring-security-oauth2-plugin, but the fix hasn't been published to the Grails central repo:
https://github.com/MatrixCrawler/grails-spring-security-oauth2/issues/9
Related
I have a grails 3.3.6 application configured with a REST profile using gorm version 6.1.10. When I added these dependencies, I began having issues with configuration. In my build.gradle file:
compile "org.grails.plugins:spring-security-core:3.2.0.M1"
compile "org.grails.plugins:spring-security-rest:2.0.0.M2"
compile "org.grails.plugins:spring-security-ui:3.1.2"
I have a users table titled 'App_User' and a role table titled 'Role'. I do not use the default user table name since it is a reserved word in Postgres. The spring-security tables were generated using the s2-quickstart script found here. Additionally, the rest plugin is found here.
It is confirmed that hibernate generates the correct tables and fields in my db. However, my app fails and gives the following relevant error:
2018-11-27 14:44:07.007 ERROR --- [ main] o.g.d.m.services.DefaultServiceRegistry : Could not load GORM service: org.grails.datastore.mapping.services.Service: Provider charity.navigator.rest.$App_UserServiceImplementation not found
java.util.ServiceConfigurationError: org.grails.datastore.mapping.services.Service: Provider charity.navigator.rest.$App_UserServiceImplementation not found
I can provide an additional stack trace if needed.
I do not have an explicit service for the 'App_User' domain since I want to rely on spring-security to do all the work. If I need one, please provide a link to a working project that I can model.
For some context, I am loosely following this tutorial but with some necessary extensions.
Since I am also not sure what is precisely causing the error and because I do not want to publish the entire project, I am willing to provide some additional source code and context if needed.
I have installed the below plugins
compile 'org.grails.plugins:spring-security-core:3.1.1'
compile "org.grails.plugins:spring-security-oauth2:1.1.0"
compile "org.grails.plugins:spring-security-oauth2-google:1.1.0"
Spring security core is working properly.
But I am having issues in implementing the oauth-google authentication.
The plugin documentation says we need to pass the api_key and api_secret. I have created a project in console.developers.google.com and have created the API Key and Oauth Keys, I am confused on which values to use in the application.yml.
Because as per console.developers.google.com the API key and Oauth Key are separate credentials.
Any suggestion on from where to get and how to set the below values would be helpful.
api_key: 'AIzaSyBjfn345tg6j0ol1e89kHMOY'
api_secret: 'xseettDDNtjjuutrfuAFTe4d'
successUri: "/oauth2/google/success"
failureUri: "/oauth2/google/failure"
callback: "/oauth2/google/callback"
scopes: "some_scope"
api_key and api_secret
I took those keys from console.cloud.google.com/
API Manager > Credentials > Create / Edit the entry
then Client ID and Client Secret are the needed values. Other parameters are paths within the Grails app itself, I believe you can change those if you want to override the default behaviour of the plugin.
But there's more ...
Remember about whitelisting your callback address (done on the very same panel). For local connection I set it (on Google API Manager) as
http://localhost:8080/oauth2/google/callback
Remember that apart of calling grails s2-quickstart com.yourapp User Role you need to call also grails init-oauth2 ... (described here - https://github.com/MatrixCrawler/grails-spring-security-oauth2).
Next thing I had to was to override the default login page to be able to display the link mentioned here https://github.com/MatrixCrawler/grails-spring-security-oauth2-google <oauth2:connect provider="google" id="google-connect-link">Google</oauth2:connect>. The default ones are here https://github.com/grails-plugins/grails-spring-security-core/tree/master/grails-app/views/login you just have to copy them to grails-app/views/login/ and modify them.
Next problem was that script from point 2 didn't add static hasMany = [oAuthIDs: OAuthID] field to User domain, which caused the ask view submit to crash.
After that, the Google Oauth2 authentication worked for me.
I am wondering how to add Administrator user to a Grails app on the boot.
Scenario: I developed Grails application and have User permission in place (implemented in Grails). Now once I deploy app on a server, the very first thing it should do is to create Admin user. My question is how to do it? I don't need elaborate "installation" right now.
My thoughts: I figured to put check and admin creation code in bootstrap, here is a sample code:
def admin = User.findByLogin("admin")
if (!admin) {
admin = new User(login:"admin", name:"Administrator", password:"password")
admin.save()
}
However everytime I run app in eclipse it fails to do anything. I mean no errors, no movement at all. Application runs fine but it seems like bootstrap is skipped completely.
Question is how do I add Admin user via Grails app on a first run or a boot?
If I need to use a bootstrap, what is an issue with my above code?
It's most likely the case that the save() call is failing to validate. Replace admin.save() with
if (!admin.save()) {
println "Failed to save admin due to errors: $admin.errors"
}
or something similar to get an indication of what's going on. Also add another println before this code to ensure that the code is even running - you may have a more significant error in the code.
In general it's best to run grails clean when code that should work doesn't. It forces a full recompilation and often makes weird behavior go away.
Try this code:
def admin = User.findByLogin("admin")
if (!admin) {
admin = new User(login:"admin", name:"Administrator", password:"password")
admin.save(failOnError:true)
}
The flag failOnError force grails to throw exception if save was unsuccessful due to validation errors, without this flag grails will not save instance silently.
We are using IBM Web Experience Factory 7.0.1 for our project. In one of the models we are connecting to a WSDL based service. For that we are using Web Service Multiple Operation Builder. I have enabled testing support for the builder. But when I am testing by launching the model and try to invoke any methods I get the follwing error:
An error has occurred. The error message returned was: "Error in
method sd_WSMultiOpServicesGetOrdersGotoOperation. Error in method
sd_WSMultiOpServicesGetOrders_ShowResults. Error in method
getOrdersExecute. Error in method getOrders.invoke. Error in method
getOrders.invokeInternal. (404)Not Found".
Both of the Web Experience Factory (WEF) Web Service builders have an advanced input (checkbox) to tell them to log the requests and responses they're making/getting back. Check that checkbox then save the model and run it again (redeploy if not auto-synching the project to the deployed WAR). Then when you run the action that hits the web service, it should log additional debugging info into the deployed WAR's WEB-INF/logs folder in debugTracing.txt. That should tell you what URL it's trying to hit with the web service that you're receiving the 404 error back from.
I hope that info helps,
..Mike Burati
The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM.
I have just started using grails and installed the spring-security and spring-security-ui plugins. I am following the tutorial given here. The application starts with one bootstrapped user me with ROLE_ADMIN permission.
With the UI override scripts I was able to get the register functionality up and running and it works all right. Now, I have installed the User Management scripts (grails s2ui-override user) to try adding, editing, removing users.
A new user gets created fine, I have checked this against the HSQLDB instance. However, if I now log-out from the application and try to login with the newly created user the application tells me that it is unable to find a user with the provided username and password.
I haven't modified the default logout handling so am using /j_spring_security_logout which as the documentation says invalidates the session.
Is this a know issue? If so how can I get around this or if not how can I debug this issue?
EDIT:
This issue is also persisting without the UI addition. Register as a new user. Once you finish e-mail verification you are auto-logged in to the site. Now logout and try to login in back again. It gives the same error.
FINAL EDIT:
The UI plugin comes with the RegisterController that still encodes the password. However, the newer domain classes that come with the core are also doing this and the recommended practice is that controllers shouldn't. I commented out a line that does the encoding and the login/logout works now at least for the basic scenario.
There is a warning on that tutorial
Earlier versions of the plugin didn't include password encryption logic in the domain class, but it makes the code a lot cleaner.
I am guessing security-ui plugin does not know about that change, and comparing unencrypted password with the encrypted one on the database.
l managed to fix my problem. The problem was double encryption. Under the spring security ui in the user controller on line 41 the password was being encrypted and then again by the domain class so on login it was comparing a double encrypted password and a single encrypted password. To solve the problem l just commented out line 41 in the user controller which was encrypting the password
EDIT: If you have trouble figuring out where one would go to edit the controller, you can find the source code of the downloaded plugins in your user home's
/.grails/version/projects/projectname/plugins
directory for editing (at least on Mac / Linux, dunno where you'd find it in windows).