spring security in grails - grails

I am using Spring Security in Grails and need to authenticate a customer from my Customer class. I don't want to use a Role class or anything like that; I just want to use authentication and annotations.
My customer just logs in, and with the login must be authenticated.
Has anybody done that?
How can I write my own provider class for authenticating a customer?
I need some code to see how it works.
Thanks

The Spring Security Core plugin has to be the single best documented plugin available for Grails. Check out Peter's tutorials here. The two videos and code samples on that page should be more than enough to get you going.
If after watching Peter's videos you are still not satisfied take a look at the official Spring Security Core docs here. Section 5.4 covers what you want to know.
In short, if you want to use annotations in each controller and don't care about the user's role, then the following code will make sure they are logged in. Placing this at the top of the controller you are worried about will make it so all actions in that controller require a user to be logged in.
import grails.plugins.springsecurity.Secured
@Secured(['IS_AUTHENTICATED_FULLY'])
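As an added example (not from the answer above or from the plugin's own documentation), here is a complete controller using that annotation: a class-level rule that requires a fully authenticated session, one public action that overrides it, and an action that scopes data to the logged-in customer. It assumes the Spring Security Core 1.x package used in the answer, and that Customer is the plugin's configured user domain class with a username property.

```groovy
import grails.plugins.springsecurity.Secured

// Class-level rule: every action in this controller requires a fully
// authenticated session. IS_AUTHENTICATED_FULLY rejects sessions that were
// restored only from a remember-me cookie; use IS_AUTHENTICATED_REMEMBERED
// if you want to accept those as well.
@Secured(['IS_AUTHENTICATED_FULLY'])
class CustomerController {

    // Injected by the plugin; exposes the current principal.
    def springSecurityService

    // An action-level annotation overrides the class-level one,
    // so this action is reachable without logging in.
    @Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])
    def welcome() {
        render 'Please log in'
    }

    // No annotation here, so the class-level rule applies.
    def profile() {
        // Resolve the customer from the authenticated principal rather than
        // from a request parameter such as params.id: this way a logged-in
        // customer can only ever see their own record.
        // Assumption: Customer has a 'username' property (not stated on the page).
        String username = springSecurityService.principal.username
        Customer customer = Customer.findByUsername(username)
        if (!customer) {
            response.sendError(404)
            return
        }
        [customer: customer]
    }
}
```

The annotation only guards controller actions, so any data the customer must not see still has to be looked up through the authenticated principal as shown in profile().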

Related

Grails spring security 3 field authentication

I need to authenticate the users of my application using Spring Security, but I need to have a 3-field authentication which will have a username, password and company code. Since the app is handling many companies, it needs to have the company code.
I have been trying to address this issue and have come across this link, which is written by @BurtBeckwith -
http://burtbeckwith.com/blog/?p=1090
Now questions and doubts arise because this blog was written in 2011 and was used at the time of Grails 1.4. So has anyone come across any such issue in the recent past? Do we still need to change this much to implement the 3-field login?
Are there any shortcuts to implement this?
Even though much has changed in the world of Grails since Burt wrote that blog entry, Spring security itself has not changed fundamentally.
The approach he outlines is still arguably the best approach to adding additional authentication credentials (e.g. organization) without limiting your ability to further enhance security to leverage this additional paradigm.
So in short, no there are no shortcuts to implement this. As Burt has said many times, doing security right is hard. However, if you do it right, you don't have to worry about it after it is done.

Zend Framework 2 - Authentication / ACL

Hi, I am new to ZF2 and I am trying to understand the main concepts by creating an extended application to learn all about ZF2 and test my knowledge.
Please forgive me if my questions sound stupid or if I didn't get some things along the way when using them; I try to learn as I go.
At this point I want to integrate Authentication and ACL into my project, and I need some questions answered for my general understanding of how this process works and how I can use it.
I already integrated a login form so I can authenticate, and it is possible for me to do so: a PHP session cookie is created and I can identify a user through hasIdentity() in the AuthService.
As I am about to create the ACL, of which I read the documentation and think I understood it, how am I able to check on every page request of my application whether a user has access to certain pages/controllers etc.?
From what I read and think, it must be in the bootstrap of the module, so that on every page load the user is identified and the ACL is checked for access.
If the user has the right, he is granted access and the requested page is loaded, but if he doesn't have access he gets redirected to some other page (index/index or an error page etc.).
But so far I couldn't find any useful tutorial or really good advice on how to create a bootstrap for my module and how to realise that pre-load access check.
Are there any useful articles (with code please, for better understanding) or tutorials on how to make auth, ACL and module bootstrap work, and work together?
Are there any other things that I must take care of when trying to get my user system to work?
Thanks in advance for any advice!
Happy new year btw :)
I've been working on the same problem recently and I came across a tutorial that can be modified to bootstrap some auth checks.
http://akrabat.com/zend-framework-2/simple-logging-of-zf2-exceptions/
I hope this helps :)

How to use zf2 ACL and auth storage in simplest form

Hi, I need to use ACL in a situation where users can only log in through a third-party service like Facebook, Google etc., and there are only two roles: guest and user. Right now I am using \Zend\Authentication\Storage\Session() to store the user object in the session after authentication, but I don't want to apply checks in every action to know the status of the user. I want to keep it simple by using a simple access control list. I have checked many modules like zfcUser etc., but they are far more complex than what I actually need. I tried to build my own ACL plugin, but the documentation is not good enough and the tutorials on ZF2 ACL are focusing on different cases.
Thanks in advance for your help
Maybe this module can help:
BjyAuthorize
This module is designed to provide a facade for Zend\Permissions\Acl that will ease its usage with modules and applications. By default, it provides simple setup via config files or by using Zend\Db or Doctrine ORM. This module also comes with out-of-the-box support for and integration with ZfcUser.

Authorization model for Ruby on Rails

I am building a project management app and I am not sure which is the best/correct authorization model to implement, given I am new to Rails (and programming in general). Here is what I am trying to do.
I want to be able to add a "client" to the application and then multiple projects to a client. I would like to be able to add users (that are essentially representatives of the client) who can view that client's projects but not other clients'. I intend on having controllers for time tracking, notes, comments and images, all associated with both clients and the projects of that client.
In addition, I would like to set up the account to control who is able to have one. I don't need users to establish an account on their own.
Does that make sense?
I believe what you are mentioning is called authorization, not authentication. Anyway:
I would suggest acl9 for authorization and authlogic for authentication.
These (free) Railscasts should give you some food for thought. There are lots of great RubyGems/plugins out there for this sort of thing.
The Ruby Toolbox gives you an overview of tools and their popularity in the rails community (rated by watchers and forkers on GitHub). As you can see there, the suggested plugins restful_authentication and authlogic are almost on the same level.
Restful Authentication is still the golden standard for user authentication in ruby on rails.
I have used the Authorization plug-in in the past and like it because it gives some nice meta methods such as:
user.is_eligible_for_what --> returns an array of authorizable objects for which the user has the role "eligible"
user.is_moderator_of? group --> returns true/false
user.is_moderator_of group --> sets the user to have the role "moderator" for the object group
user.is_administrator --> sets the user to have the role "administrator", not tied to any object
There's also a brand new RailsCast on CanCan.
I'd use AuthLogic for authentication (logging in users and making sure they are who they claim to be) and declarative_authorization for authorization (making sure they have access to resources). See Ryan Bates' excellent Railscasts on AuthLogic and restful_authentication for more info.

What's the best way to implement ACLs to a Rails application?

I just wanted to compare different solutions used when implementing ACLs in Rails.
I use the authorization plugin (Created by Bill Katz):
Roles can be authorized for the entire application, a model class, or a specific object. The plugin provides a way of checking authorization at the class or instance method level using the permit and permit? methods. It also provides English-like dynamic methods like "user.is_manager_of project" (where "user" acts as the authorized party, "manager" is a role, and "project" is an authorizable model). You can specify how control is redirected if authorization is denied. (quote source)
Homepage:
http://www.writertopia.com/developers/authorization
Docs:
http://github.com/DocSavage/rails-authorization-plugin/tree/master/authorization/README.rdoc
You might also be interested in reading this comparison (from last year but still somewhat useful; it's where I got the above quote from):
http://www.vaporbase.com/postings/Authorization_in_Rails
And a more recent comparison:
http://steffenbartsch.com/blog/2008/08/rails-authorization-plugins/
The best I've found is role_requirement. It plugs straight into the restful_authentication plugin.
There's a plugin called acl_system2 which operates by having a users table and a roles table. There's a lot more useful information in the README and the project is on github too.