This is the first time i have attempted to use spring security UI in my Grails application.
I am currently using Spring Security Core and it works fine but I like the ideas of the UI plugin.
I have read through the documentation and I cannot see any single commant to run to set everything up with default values. Keeping in mind I have Spring Security Core already running.
Can anyone please help me out.
Thanks
You just need to override your auth view using
grails s2ui-override auth
Related
I have upgraded Grails and Spring Security to latest (3.3.0.RC1 and 3.2.0.M1 respectively) by following all of the migration paths but now my annotations no longer work. Control follows through to my not authorised callback (grails.plugin.springsecurity.adh.errorPage).
I have my own list of enum backed Permissions that I use to populate my list of authorities which are being correctly loaded for my user object but they no longer work in my annotations using the hasRole expression as follows;
#Secured(["hasAnyRole('PERM_VIEW_REPORTS'"])
other expressions are working fine such as the following
#Secured("authentication.name == 'sys_admin'")
#Secured("hasRole('PERM_VIEW_REPORTS')")
I don't suppose anyone has had any similar experience with the latest Spring Security release for Grails. Remember the above has worked perfectly until I upgraded but I don't see anything in the migration path that suggests there might be a problem with this system.
Thanking for any suggestions in advance.
This came down to the "ROLE_" prefix being mandatory again in the new Spring Security 3.2.0.M1 release. As can be seen from above, I had being using a "PERM_" prefix up to now to indicate that I'm using a permission based instead of role based paradigm.
I'm hoping to add this to the migration guide for the plugin as it's a major omission AFAIC. I would hope this would become a configuration option for the plugin in a future release.
EDIT:
It turns out Spring Security have introduced new methods hasAuthority() and hasAnyAuthority() which do not use the default role prefix and so can be used in place of hasRole() and hasAnyRole().
I have forked and updated the Spring Security docs for 3.2 and sent a pull request.
Please try with
#Secured ('ROLE_USER')
If you're trying to secured with more than one Role
#Secured(['ROLE_USER','ROLE_ADMIN'])
I am attempting to use the Grails Spring Security Core plugin. I would like to override the login functionality, which is 'login/authenticate'. I searched through the spring-security-core plugin source and wasn't able to find the 'authenticate' method, and its not in the generated LoginController.
https://github.com/grails-plugins/grails-spring-security-core/blob/master/grails-app/controllers/grails/plugin/springsecurity/LoginController.groovy
Any guidance would be most appreciated. Thank you in advance.
Spring security is built around filter chains. The correct way would be to create a new filter. You probably need to download the spring grails security core plugin and look at classes like GrailsUsernamePasswordAuthenticationFilter to get a feel for how to do it. Your way forward might be to copy GrailsUsernamePasswordAuthenticationFilter, install it as your authentication filter, and put logging in there.
I am using the new grails 2.3.4 with Spring Security Core 2.0-RC2 plugin. I have generated the domain objects and got also a user via the Bootstrap.groovy into the db. However, I am wondering where to specify a custom login for my page?
Is it also possible to do the sign up process via the spring security plugin?
I appreciate your answer!
Create a gsp in the following pattern: grails-app/views/login/auth.gsp.
This way the default template is automatically replaced.
I have an existing, eclipse based web servlet application that authenticates using http basic authentication. I am looking to convert this to Spring based security. I understand what has to be done programatically, but am having problems with the details of configuring the project itself in eclipse. I am using the Spring STS toolkit, and I am able to successfully import one of the Spring Security sample apps (openid-xml) and it works fine.
My existing application also works properly when run under STS, but without Spring support
I would like a recommendation for either a tutorial on making this conversion, or some useful advice. For example, is it easier to
a) create a new Spring application and try to migrate my existing code into it, or b) try to convert my code by importing the various spring libraries, etc? c) convert my existing app to use maven instead of eclipse (Spring just doesn't seem to want to work without maven, and i am at a loss here) - naturally, I have no idea how to do this.
Any advice will be most gratefully received, after a day of hit and miss frustration.
I have answered my own question, and will try to provide some details for those who may be having the same problem.
First, there is some relatively useless info available on stackoverflow, but some good stuff as well.
This (https://stackoverflow.com/a/14867188/1374167) is completely wrong. It is certainly possible to secure a servlet with Spring Security. The trick is to realize that you are going to have to use Maven and Gradle to build the libraries for Spring and Spring Security.
Once you have built these jar files, you simply import them into Eclipse (it doesn't really seem to matter which version) and set up your web.xml and security contraints.
I used this project as a starting point. It's not perfect, but it got me on the right track, after I updated the spring and spring security jar files. The full blog post is here
I had a frustrating experience getting to this point but I hope this information will help others. It's quite simple once you understand what to do.
I m using spring security core plugin 1.2.7.2 and spring security ui 0.2 versions for my application.
I couldn't log on using the credentials I created. The new user is in the database. I looked around I read about double encryption password issues going on between core and ui plugin. The issue is still persisting. I got it worked by commenting the beforeInsert/beforeUpdate methods in the User Domain class. I was wondering if the issue is fixed in the new version?
Is there a different workaround for this? Please advice
Thanks much
There's a setting for this in the latest release (0.2) - see the grails.plugins.springsecurity.ui.encodePassword setting in the "Password Encryption" section in section 10 of the docs: http://grails-plugins.github.com/grails-spring-security-ui/docs/manual/