I have Shiro domain classes as below:
class ShiroUser {
String email
String password
static hasMany = [ roles: ShiroRole, permissions: String ]
static constraints = {
email(nullable: false, blank: false, unique: true)
}
}
class ShiroRole {
String name
static hasMany = [ users: ShiroUser, permissions: String ]
static belongsTo = ShiroUser
static constraints = {
name(nullable: false, blank: false, unique: true)
}
}
I received ShiroUser's email from params.email. And I want to find out the permission that belongsTo ShiroUser using criteria().
I tried the below code, but couldn't succeed.
def criteria= permissions.createCriteria().listDistinct {
ShiroRole{
ShiroUser{
eq("email", params.email)
}
}
}
Your criteria is wrongly built. I'd keep it simple and put like:
def permissions = ShiroUser.findByEmail( params.email )?.roles*.permissions.flatten() as Set
If you want to stick with criteria:
def permissions = ShiroRole.createCriteria().listDistinct {
projections{
property 'permissions'
}
users{
eq "email", params.email
}
}
Related
I'm writing an application on Grails. I'm trying to add child database record to parent table using addTo-method. I follow this documentation about addTo-method. And for example, documentation says create parent-class:
class Author { String name
static hasMany = [fiction: Book, nonFiction: Book]
}
Follow this I created my parent-class:
class Cafee {
String cafeeName = ""
int totalReservationPlaces = 0
double placeCost = 0
String currencyType = ""
boolean isReservationAvailable = false
boolean reservationTimeLimit = false
boolean reservationDateLimit = false
int totalPlaces = 0
long startTimeLimit = 0
long endTimeLimit = 0
Date startDateLimit = new Date()
Date endDateLimit = new Date()
static constraints = {
cafeeName blank: false, unique: true
}
String getCafeeName(){
return cafeeName
}
static hasMany = [admin: Person]
}
Documentation says create child-class:
class Book { String title
static belongsTo = [author: Author]
}
Follow this I've created my child-class:
class Person {
transient springSecurityService
String username
String password
boolean enabled = true
boolean accountExpired
boolean accountLocked
boolean passwordExpired
String firstName
String lastName
String email
String inn = ""
boolean isAdminCafee = false
static transients = ['springSecurityService']
static belongsTo = [cafee:Cafee]
static constraints = {
username blank: false, unique: true
firstName blank: false
lastName blank: false
password blank: false
email blank: false, unique: true
}
static mapping = {
password column: '`password`'
}
Set<Authority> getAuthorities() {
PersonAuthority.findAllByPerson(this).collect { it.authority }
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(password) : password
}
}
And documentation says to add child record to parent I must do something this:
def fictBook = new Book(title: "IT")
def nonFictBook = new Book(title: "On Writing: A Memoir of the Craft")
def a = new Author(name: "Stephen King")
.addToFiction(fictBook)
.addToNonFiction(nonFictBook)
.save()
Follow it in Bootstrap I've done this:
def user = Person.findOrSaveWhere(username: 'testerAndrewRes', password:'password', firstName:'Andrew', lastName:'Bobkov', email:'pragm#gmail.com', isAdminCafee: true,
inn: '1234567890')
println user
if(!user.authorities.contains(adminRole))
{
PersonAuthority.create(user, adminRole, true)
}
def newCafe = new Cafee(cafeeName: "Tarelka").addToAdmin(user).save()
But I get an error:
ERROR context.GrailsContextLoaderListener - Error initializing the application: object references an unsaved transient instance - save the transient instance before flushing: restorator.auth.Person; nested exception is org.hibernate.TransientObjectException: object references an unsaved transient instance - save the transient instance before flushing: restorator.auth.Person
Message: object references an unsaved transient instance - save the transient instance before flushing: restorator.auth.Person; nested exception is org.hibernate.TransientObjectException: object references an unsaved transient instance - save the transient instance before flushing: restorator.auth.Person
What I do wrong?
The error message is clear I think.
Try adding:
user.save(flush:true)
before:
def newCafe = new Cafee(cafeeName: "Tarelka").addToAdmin(user).save()
This is my user class that has Spring Security on it
package rms
import java.util.Date;
import java.util.Set;
import enums.EmployeeStatus;
class User {
transient springSecurityService
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
String firstName
String lastName
String middleName
String contactNumber
String position
String emailAddress
String employeeID
Date dateOfBirth
EmployeeStatus employeeStatus
int age
byte [] picture
static hasMany = [employeeReport: EmployeeReport]
static constraints = {
picture maxSize:20* 1024 * 1024
dateOfBirth nullable: true
employeeStatus blank: false
position blank: false
contactNumber blank: false
emailAddress blank: false, matches: "([a-z0-9_.-]+)#([da-z.-]+).([a-z.]{2,6})", email: true
age min: 18
username blank: false, unique: true
password blank: false, password: true
}
static mapping = { password column: '`password`' }
Set<SecRole> getAuthorities() {
SecUserSecRole.findAllBySecUser(this).collect { it.secRole } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
String toString(){
return "SecUser $username"
}
}
I tried this tag <sec:loggedInUserInfo field="username"/> and it works fine but this doesn't work <sec:loggedInUserInfo field="firstName"/>. It gives a
No such property: firstName for class: org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser
Is there any other way to display the other properties of the current logged in user?
The loggedInUserInfo can only access data from the "principal", which is typically an instance of GrailsUser. The data includes username, id, the assigned role names, and a few booleans about whether the user is enabled, the account is locked, etc. It's easy to subclass GrailsUser and create your own UserDetailsService and capture other data from the user domain class during authentication, and store that in the GrailsUser subclass to make it available to this tag; see http://grails-plugins.github.io/grails-spring-security-core/docs/manual.1273/guide/11%20Custom%20UserDetailsService.html for more info.
This works well if the data is read-only since it will be cached until the user logs out or the session expires. If the data that you want to display can change, retrieve the user instance and add it to the model map you return from the controller action:
class MyController {
def springSecurityService
def theAction() {
...
def user = springSecurityService.currentUser
[user: user, foo: 5, bar: "whatever", ...]
}
}
and then you can display whatever you want in the GSP, e.g. ${user.firstName}
I have installed the grails Spring-Security plugin:
plugins {
compile ':spring-security-core:2.0-RC2'
}
Then I used the grails s2-quickstart com.jane Person Role command to create the needed domain classes.
As I have my own User class I refactored the code to use my User class:
package com.jane
class User {
transient springSecurityService
String email
String name
String password
Boolean isAgreeTerms = false
Date agreeTermsDt
Boolean isActive = false
Boolean isBlocked = false
Date dateCreated
Integer createdBy = 0
Date lastUpdated
Integer modifiedBy = 0
static transients = [ 'springSecurityService' ]
static hasMany = [ userProductTier: UserProductTier ]
static mapping = {
id column: "userID"
dateCreated column: 'createdDt'
lastUpdated column: 'modifiedDT'
}
static constraints = {
email blank: false, email: true, unique: true, size: 5..100
name blank: false, size: 3..50
password blank: false
}
void beforeInsert() {
if ( isAgreeTerms ) {
agreeTermsDt = new Date()
}
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
I then modified the config.groovy file to:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.jane.User'
grails.plugin.springsecurity.userLookup.usernamePropertyName = 'email'
grails.plugin.springsecurity.userLookup.enabledPropertyName = 'isActive'
grails.plugin.springsecurity.userLookup.accountExpiredPropertyName = 'isBlocked'
grails.plugin.springsecurity.userLookup.accountLockedPropertyName = 'isBlocked'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.jane.UserRole'
grails.plugin.springsecurity.authority.className = 'com.jane.Role'
I can create users fine, verify they are in the database, have verified that encodePassword is called once. But every time I try to login I get the following error:
Sorry, we were not able to find a user with that username and
password.
And here is the service method to create users:
User createTeamLeader( String name, String email, String password, Boolean isAgreeTerms, Integer productTierId ) {
User user = new User( name: name, email: email, password: password, isAgreeTerms: isAgreeTerms, isActive: true)
UserProductTier userProductTier = new UserProductTier( productTierId: productTierId )
user.addToUserProductTier( userProductTier )
user.save()
UserRole.create( user, Role.findByAuthority('ROLE_USER'), true )
UserRole.create( user, Role.findByAuthority('ROLE_LEAD'), true )
user
}
Often adding debug logging helps, since Spring Security logs a lot at the debug level:
log4j = {
...
debug 'org.springframework.security'
}
In this case it didn't show the problem, so I added an event listener to see if there was information in the failure event:
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onAbstractAuthenticationFailureEvent = { e, appCtx ->
println "\nERROR auth failed for user $e.authentication.name: $e.exception.message\n"
}
That displayed this:
ERROR auth failed for user ernie#ss.com: No such property: authorities for class: com.jane.User
When you made changes in the class, you removed the getAuthorities method that was in the original version, and is used by the UserDetailsService to determine granted roles during authentication. Adding it back got things working:
Set<Role> getAuthorities() {
UserRole.findAllByUser(this).collect { it.role } as Set
}
I get a problem due to my poor knowledge on GORM and modeling domain object in Grails.
Here is my issue :
| Error Error loading plugin manager:
No owner defined between domain classes [class com.myproject.model.Project] and
[class com.crowdfun.Sector] in a many-to-many relationship.
Example: static belongsTo = com.myproject.model.Sector
(Use --stacktrace to see the full trace)
I can't say what is wrong, because I follow the tutorial of official grails documentations : http://grails.org/doc/latest/guide/GORM.html#manyToMany
My classes :
Project.groovy :
class Project {
String name
Integer nbInvestors
Region region
Integer nbDays
Boolean success
String equity
String currency
Double target
Double raisedAmount
String url
Double valuation
boolean extended = false
static belongsTo = [
site: Site,
sector: Sector
]
static hasMany = [
sectors: Sector
]
static hasOne = [
valuationRange: ValuationRange,
targetRange: TargetRange
]
static constraints = {
name nullable: true
nbInvestors nullable: true
region nullable: true
nbDays nullable: true
success nullable: true
equity nullable: true
currency nullable: true
target nullable: true
raisedAmount nullable: true
url nullable: true, unique: true
valuation nullable: true
}
}
Sector.groovy :
class Sector {
String name
static hasMany = [
projects: Project
]
static constraints = {
name unique: true
}
#Override
public String toString() {
return name
}
def getNbProjects() {
projects.size()
}
}
Site.groovy
class Site {
String name
static hasMany = [
projects: Project
]
static constraints = {
name unique: true
}
#Override
public String toString() {
return name
}
}
Change the class like so:
class Project {
...
Site site
Sector sector
static belongsTo = [Site, Sector]
}
I am facing problem with Grails model association. Here is problem:
Subscriber and Customer are extended from PartyRole.
A customer may have many subscribers and a subscriber belongs To customer.
A Party may have many PartyRole.
Person and Organization are extended from Party.
A Person belong to Organization.
A Person has many Profile and a profile belongs to Person.
Now I want to edit currently logged-in user(subscriber) which is basically organization type mean has organization properties like orgName and orgSize.
I can find Person(firstName and lastName) and Profile (emails) details using logged-in user(subscriber) but not able to get Organization details. Code is following.
def profile = {
Subscriber loggedinSubscriber = Subscriber.get( springSecurityService.principal.id )
if (loggedinSubscriber == null){
redirect(controller: "login" , action:"login");
}
else{
println loggedinSubscriber
Party person = Person?.get(loggedinSubscriber.party.id)
Party org = Organization?.get(loggedinSubscriber.party.id)
Profile profile = person?.profile
[userInstance: person, authorityList: sortedRoles()]
}
}
When I tried to get Organization details with
Party org = Organization?.get(loggedinSubscriber.party.id)
I got null value but in same way I can get Person details using logged-in user(subscriber) and both are extended from Party.`
Any idea to how to get Organization details.
Person:
package com.vproc.member
import com.vproc.enquiry.Enquiry;
import com.vproc.enquiry.Membership;
import com.vproc.enquiry.Notification;
import com.vproc.enquiry.Team;
class Person extends Party{
String firstName
String lastName
Profile profile
static belongsTo = [Organization]
static constraints = {
lastName nullable:true
firstName blank:false
}
}
**Organization:**
package com.vproc.member
import java.util.Date;
class Organization extends Party{
String orgName
Person contact
int orgSize
boolean isVendor
static constraints = {
}
}
Profile:
package com.vproc.member
import java.util.Date;
import com.vproc.enquiry.Enquiry;
import com.vproc.enquiry.Membership;
import com.vproc.enquiry.Team;
class Profile {
String emailAddress // field governed by privacy policy
String phoneNumber // field governed by privacy policy
Date dateCreated
Date lastUpdated
boolean isDefaultProfile
String status
static belongsTo = [person:Person]
//ProfilePrivacyLevelEnum privacyLevel = ProfilePrivacyLevelEnum.Private
static constraints = {
}
}
Subscriber:
package com.vproc.member
import java.util.Date;
import com.vproc.common.StatusEnum;
import com.vproc.enquiry.Discussion;
import com.vproc.enquiry.Enquiry;
import com.vproc.enquiry.Membership;
import com.vproc.enquiry.Notification;
import com.vproc.enquiry.SharedEnquiry;
import com.vproc.enquiry.Team;
import com.vproc.order.Seat;
class Subscriber extends PartyRole{
transient springSecurityService
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
StatusEnum status
Date dateCreated
Date lastUpdated
List<Contact> contacts ;
static belongsTo = [ customer: Customer]
static hasMany = [seats: Seat, ownedEnquiries: Enquiry,enquiresSharedWith: SharedEnquiry, enquiriesSharedBy: SharedEnquiry ,
managedTeams: Team , memberships: Membership, contacts: Contact , sharedByContacts: SharedContact, sharedWithContacts: SharedContact,
vContacts: VContact, partOf: VContact, sharedbyVContacts: SharedVcontact, sharedWithVcontacts: SharedVcontact,
notifications: Notification, discussions: Discussion]
static mappedBy = [ managedTeams : "manager" , enquiresSharedWith: "sharedWith" , enquiriesSharedBy: "sharedBy" ,
sharedByContacts : "sharedBy" , sharedWithContacts : "sharedWith" ,
vContacts: "forSubscriber" , partOf :"ofContact",
sharedbyVContacts: "sharedby" , sharedWithVcontacts :"sharedWith"
]
static constraints = {
username validator : { val , obj ->
if (obj.status != StatusEnum.Pending)
val!= null
}
username unique: true
password validator : { val , obj ->
if (obj.status != StatusEnum.Pending)
val != null
}
contacts nullable: true
notifications nullable : true
username nullable: true
password nullable: true
}
static mapping = {
password column: '`password`'
}
Set<Role> getAuthorities() {
SubscriberRole.findAllBySubscriber(this).collect { it.role } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
Party:
package com.vproc.member
import java.util.Date;
class Party {
Date dateCreated
Date lastUpdated
static constraints = {
}
static mapping = {
tablePerHierarchy false
}
}
PartyRole:
package com.vproc.member
import java.util.Date;
class PartyRole {
Party party
Date dateCreated
Date lastUpdated
static constraints = {
}
static mapping = {
tablePerHierarchy false
}
}
BootStrap:
class BootStrap {
def init = { servletContext ->
def userRole = Role.findByAuthority('ROLE_USER') ?: new Role(authority: 'ROLE_USER').save(failOnError: true)
def adminRole = Role.findByAuthority('ROLE_COMPANY_ADMIN') ?: new Role(authority: 'ROLE_COMPANY_ADMIN').save(failOnError: true)
def guestRole = Role.findByAuthority('ROLE_GUEST') ?: new Role(authority: 'ROLE_GUEST').save(failOnError: true)
def csrRole = Role.findByAuthority('ROLE_CSR') ?: new Role(authority: 'ROLE_CSR').save(failOnError: true)
//PersonRole.create adminUser, adminRole
def address = new Address( city : 'Pune' , stateCode : 'MH' , countryCode : 'IN' )
def adminProfile = Profile.findByEmailAddress('sachin.jha#gmail.com' )?: new Profile(
privacyLevel: ProfilePrivacyLevelEnum.Private,
emailAddress: "sachin.jha#gmail.com" ,
phoneNumber: "9325507992",
status : 'Active'
).save( failOnError: true)
def adminPerson = Person.findByProfile( adminProfile) ?: new Person( firstName: 'admin' , lastName : 'user' , profile: adminProfile).save( failOnError: true) ;
def vprocOrganization = Organization.findByOrgName('VPROCURE') ?: new Organization ( orgName: 'VPROCURE' , orgSize : 100 , mailingAddress: address, contact: adminPerson ).save( failOnError: true)
def vprocCustomer = Customer.findByParty( vprocOrganization) ?: new Customer ( party: vprocOrganization, status: StatusEnum.Active ).save(failOnError: true) ;
def adminUser = Subscriber.findByUsername('admin') ?: new Subscriber( username : 'admin' , password : 'passw0rd' , enabled: true , party: adminPerson, customer: vprocCustomer , status: StatusEnum.Active ).save( failOnError: true)
if ( !adminUser.authorities.contains(adminRole)){
SubscriberRole.create adminUser, adminRole
}
JSON.registerObjectMarshaller(Date) {
return it?.format("MM/dd/yyyy")
}
def userProfile = Profile.findByEmailAddress( 'sachin.jha.user#gmail.com') ?: new Profile(
privacyLevel: ProfilePrivacyLevelEnum.Private,
emailAddress: "sachin.jha.user#gmail.com",
phoneNumber : "9325507992",
status : 'Active'
).save( failOnError: true)
def userPerson = Person.findByProfile( userProfile) ?: new Person( firstName: 'plain' , lastName : 'user' , profile: userProfile).save( failOnError: true) ;
def plainUser = Subscriber.findByUsername('plainuser') ?: new Subscriber( username: 'plainuser', password : 'passw0rd' , enabled: true , party: userPerson, customer: vprocCustomer , status: StatusEnum.Active ).save( failOnError : true )
if ( !plainUser.authorities.contains(userRole)){
SubscriberRole.create plainUser, userRole
}
/*vprocCustomer.addToSubscribers(amdinUser)
vprocCustomer.addToSubscribers(plainUser)
vprocCustomer.save( failOnError : true);*/
}
def destroy = {
}
}
Just change in Person domain class
static belongsTo = [Organization]
to
static belongsTo = [organization:Organization]
and access organization info from person instance with person.organization