I am attempting to use the Grails Spring Security Core plugin. I would like to override the login functionality, which is 'login/authenticate'. I searched through the spring-security-core plugin source and wasn't able to find the 'authenticate' method, and its not in the generated LoginController.
https://github.com/grails-plugins/grails-spring-security-core/blob/master/grails-app/controllers/grails/plugin/springsecurity/LoginController.groovy
Any guidance would be most appreciated. Thank you in advance.
Spring security is built around filter chains. The correct way would be to create a new filter. You probably need to download the spring grails security core plugin and look at classes like GrailsUsernamePasswordAuthenticationFilter to get a feel for how to do it. Your way forward might be to copy GrailsUsernamePasswordAuthenticationFilter, install it as your authentication filter, and put logging in there.
Related
I have upgraded Grails and Spring Security to latest (3.3.0.RC1 and 3.2.0.M1 respectively) by following all of the migration paths but now my annotations no longer work. Control follows through to my not authorised callback (grails.plugin.springsecurity.adh.errorPage).
I have my own list of enum backed Permissions that I use to populate my list of authorities which are being correctly loaded for my user object but they no longer work in my annotations using the hasRole expression as follows;
#Secured(["hasAnyRole('PERM_VIEW_REPORTS'"])
other expressions are working fine such as the following
#Secured("authentication.name == 'sys_admin'")
#Secured("hasRole('PERM_VIEW_REPORTS')")
I don't suppose anyone has had any similar experience with the latest Spring Security release for Grails. Remember the above has worked perfectly until I upgraded but I don't see anything in the migration path that suggests there might be a problem with this system.
Thanking for any suggestions in advance.
This came down to the "ROLE_" prefix being mandatory again in the new Spring Security 3.2.0.M1 release. As can be seen from above, I had being using a "PERM_" prefix up to now to indicate that I'm using a permission based instead of role based paradigm.
I'm hoping to add this to the migration guide for the plugin as it's a major omission AFAIC. I would hope this would become a configuration option for the plugin in a future release.
EDIT:
It turns out Spring Security have introduced new methods hasAuthority() and hasAnyAuthority() which do not use the default role prefix and so can be used in place of hasRole() and hasAnyRole().
I have forked and updated the Spring Security docs for 3.2 and sent a pull request.
Please try with
#Secured ('ROLE_USER')
If you're trying to secured with more than one Role
#Secured(['ROLE_USER','ROLE_ADMIN'])
I am using the new grails 2.3.4 with Spring Security Core 2.0-RC2 plugin. I have generated the domain objects and got also a user via the Bootstrap.groovy into the db. However, I am wondering where to specify a custom login for my page?
Is it also possible to do the sign up process via the spring security plugin?
I appreciate your answer!
Create a gsp in the following pattern: grails-app/views/login/auth.gsp.
This way the default template is automatically replaced.
This is the first time i have attempted to use spring security UI in my Grails application.
I am currently using Spring Security Core and it works fine but I like the ideas of the UI plugin.
I have read through the documentation and I cannot see any single commant to run to set everything up with default values. Keeping in mind I have Spring Security Core already running.
Can anyone please help me out.
Thanks
You just need to override your auth view using
grails s2ui-override auth
I'm trying to include Grails applications into a Liferay portlet. I tried the Grails Liferay Portlets Plugin but it did not work for me at all.
Does anybody know any other possibilities? Which do you think is the best and why?
We had our Grails project integrated with Liferay at one point but it was a mess. Inevitably we pulled it out of Liferay and we were able to use Grails properly again. In our instance the question became, why are we using Liferay and do we really need it?
Now if you have a requirement for Liferay you might try simply using Spring Portlet support and use parts of Grails you like but not fully integration. Spring Portlets with Groovy were much easier and cleaner to do. If you simply want Grails goodies for services etc. you can try deploying a Grails WAR on the same tomcat and expose services to your portlets through REST, Hessian, Burlap or some other easy service serialization mechanism in Spring/Grails. In this case you have a Liferay UI app that calls your Grails services.
Once again, try some options, then decide if you truly need (or have) to use Liferay. With advances in Javascript UI packages, I'm not sure 'portlet' spec apps are as appealing as they once were and the word 'portal' is something that sounds good to management but inevitably means little to what needs to be implemented.
I want to change the authentication process that is used by the Acegi - Plugin. It should be a completely customized process. Custom login form + custom auth method.
Obviously there is only little documentation regarding this topic.
In the book The Definitive Guide to Grails it is described for an older version of grails. There the spring/resources.xml is used.
In the new version is a spring/resources.groovy file, where a DSL is used. I don't know how to configure a new AuthenticationManager.
How can I do this?
In respect to the form, you should have a auth.gsp under /grails-wapp/views/login. In respect to authentication, you probably only need to injet a different AuthenticateService in LoginController, which is under /grails-app/controllers/.