Using spring security plugin with alternative database schema - grails

i want to use spring security and to map my model to a simplistic database schema.
According to this: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#db_schema_users_authorities (section user schema), i can have a that match the one i have.
Note that this schema is the basic schema of tomcat with the database realm.
But i don't know how to tell spring to which schema i use and what are the tables to use wich what fields.

If you're using the Grails Spring Security plugin you're lookingin the wrong place - you don't configure it using standard Spring Security but within the plugin itself.
This is a common enough customization that it has its own chapter in the plugin docs - see https://grails-plugins.github.io/grails-spring-security-core/guide/userDetailsService.html

Related

Spring session with back end api's instead of JDBC

I have been exploring on spring-session framework for session management in our application, and we want to store session in database. I understand that spring provides implementation with JDBC and we can configure our own DataSource. The problem I'm facing is that we don't have direct access to db and need to make web service call to do any sort of crud operations.
So, is there a way to integrate spring-session to consume web services for session related crud operations in db ?
Another question is, can we change the schema for session related tables. I know that we can change the table names, but is it possible to add or remove further columns in the given tables ?
You can employ your custom session repository fairly easy - use #EnableSpringHttpSession (which imports SpringHttpSessionConfiguration) to configure common Spring Session components and register your SessionRepository implementation #Bean.
Regarding more advanced customization of schema used by JdbcOperationsSessionRepository, this was considered during implementation of JDBC support however decision was made not to provide this initially. If you need this feature please consider creating an feature request in Spring Session issue tracker.

spring security rest plugin for grails and multiple datasources

We are using multiple datasources distributed across regions. Each datasource is meant to handle all data related to all users of the region including security related data such as roles, tokens etc. I can not have all security related information in one datasource.
Does Spring security rest plugin for Grails support this setup? From what I understand it always looks at the default datasource for all authentication related tables and stores all tokens in default datasource alone.
Could someone confirm this? If the plugin supports multiple datasources, how to make it work?
Our environment:
Grails 2.4.4
Spring security rest plugin 1.5.3
Spring security core 2.0-RC4
Postgresql 9.5
Grails supports multiple datasources:
http://docs.grails.org/2.4.4/guide/single.html#multipleDatasources
In order to adjust Spring security core, one relatively easy option, would be to provide an alternative userDetailsService. (method: loadUserByUsername(String username) could be customized to do that)
Which is in use by the DAOAuthenticationProvider to get user's details.
At that point, You would probably need to access more parameters from the request, to determine which datasource to access. So, the request object could be obtained using (for grails 2.x.x):
GrailsWebRequest webUtils = WebUtils.retrieveGrailsWebRequest()
def request = webUtils.getCurrentRequest()

How to use the Spring Security Core Plugin with the Neo4j GORM plugin

I am trying to use the Spring Security Core plugin in a Grails project using the Neo4j GORM plugin.
As far as I can see I have two options:
Use the Spring Security Core plugin as is and persist it's data to say MySQL while using Neo4j for the rest of the application data.
Use a custom UserDetailsService.
Does anyone have an example of the latter?
pjdv
You mean like the one in the documentation? http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/11%20Custom%20UserDetailsService.html
Since the Neo4j plugin is GORM compliant, spring-security-core's GormUserDetailsService should work out of the box.

How to use spring security with activity

I use Spring Security 3 for my project, and now I want to use Activiti to model the business work flow. As we know, spring security has its own database schema including the tables like "User","Role","Authority" and acivity also has some of its own schema.How can i integrate these two.Any idea.Am a beginner to activity please explain me in detail.Thank you
Here you can find some information..

Grails Spring Security plugin Access Control/Authorization without Authentication?

My problem:
I would love to use the Spring Security plugin's access control/authorization mechanism with my Grails application without having to use the plugin's authentication mechanism. The various Grails Spring Security plugin examples (like this one) I've found combine these two functions. Is there an easy way to just do access control?
Background:
I would like to add roles-based access control to my existing app. I would love to either just annotate my controllers or use the Config.groovy map approach for setting up the access control.
My app already has a user domain class.
The user domain class already handles encrypting passwords using BCrypt.
The app does not have a "role" domain class.
I already have controller actions, views and business logic for handling logging in and logging out. I have no interest in replacing this with the plugin's implementation.
On the right track, but not quite helpful:
I know this is possible to do, as explained in this other question: BUT, that questions and its answers explains how to do it in a Java app using the raw Spring Security framework. I would love for someone to lay out how to do this in a way that is compatible with the latest version (1.2.7.3 as of this writing) of the Grails Spring Security plugin. I don't want to reinvent wheels that have already been taken care of by the plugin.
In addition, this example explains how to do some of this, but it appears to be outdated because it is based on an older version of the plugin that uses Spring Security 2.x. It also only uses custom authentication for one piece of the app, while it looks like it still uses the Spring Security plugin's domain classes elsewhere.
How to do it?
Can someone lay out an approach for me?
I assume I need to create my Role domain class.
After that I assume it will involve custom Authentication objects and the like. But how do I hook them into use the plugin's existing code?
You could go with a custom authentication provider and I have an updated version that I did as part of a recent talk. See this blog post which has a sample app and link to a video of the talk: http://burtbeckwith.com/blog/?p=1090
It would be simple to use a custom UserDetailsService - this is the most common customization done for the plugin and it so has its own chapter in the docs: http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/11%20Custom%20UserDetailsService.html
Basically you need to create a Spring Security User instance and Spring Security (and the plugin) doesn't care how you get the data. So your custom UserDetailsService just needs to be a bridge between your current auth scheme and Spring Security.
I ended up creating my own access control/authorization mechanism rather than using the Spring Security plugin. I never could figure out how to separate the plugin's authentication mechanism from the authorization mechanism. Doing the work myself was very easy.
I did the following:
Created a new Role domain class.
Added a Set property and hasMany relationship to my User domain class.
Created a new AuthorizationFilters filter. This is where I put in my authorization rules. In this filter I can check to see if a user has the role necessary to access the given URL and redirect to a login page, redirect to a "not authorized page" or allow them to pass.
This doesn't have the nice syntactic sugar of the plugin and isn't quite as concise either, but it was very easy to implement and understand.

Resources