Forcing https in Grails - grails

In a Struts application, I have a filter that forces certain pages to be accessed only over https via redirection. I'm thinking of porting it to Grails, so my question is: in this environment, is there a "grails" way to implement such a filter, or is it similar/the same as what I did? Thanks

The Spring Security core plugin has support for this. See section 17 - "Channel security"
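A channel-security configuration of the kind that section describes, as an added example that is not part of the original answer, written in the plugin 3.x list-of-maps syntax (older releases take a map of pattern to access instead). The URL patterns and port numbers are constructed for illustration.

```groovy
// grails-app/conf/application.groovy
// Added example: URL patterns and ports are assumptions, adjust to your app.

// Rules are evaluated in order, so put the most specific patterns first.
grails.plugin.springsecurity.secureChannel.definition = [
    [pattern: '/login/**',   access: 'REQUIRES_SECURE_CHANNEL'],
    [pattern: '/account/**', access: 'REQUIRES_SECURE_CHANNEL'],
    [pattern: '/assets/**',  access: 'ANY_CHANNEL'],
    // Catch-all: anything not matched above is redirected to https.
    [pattern: '/**',         access: 'REQUIRES_SECURE_CHANNEL']
]

// Ports used to build the http -> https redirect URL.
grails.plugin.springsecurity.portMapper.httpPort  = 8080
grails.plugin.springsecurity.portMapper.httpsPort = 8443

// Only when TLS terminates at a load balancer or reverse proxy:
// the container then sees plain http for every request, and the
// scheme-based check would redirect forever. Decide from a header
// instead. Enable this only if the proxy always overwrites the header,
// otherwise a client can claim "https" on a cleartext connection.
grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugin.springsecurity.secureChannel.secureHeaderName    = 'X-Forwarded-Proto'
grails.plugin.springsecurity.secureChannel.secureHeaderValue   = 'https'
grails.plugin.springsecurity.secureChannel.insecureHeaderName  = 'X-Forwarded-Proto'
grails.plugin.springsecurity.secureChannel.insecureHeaderValue = 'http'
```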

Related

Grails security plugin: avoid cache control response header

I am using the Grails Security Plugin in my application and I appreciate it really.
Spring security automatically adds several headers to the https responses in order to avoid the caching of sensitive pages in the browser cache. I would like to disable that for non-confidential information like, for instance, fonts.
Native Spring security allows that through the <http>, <headers> and <cache-control disabled="true"> configuration elements.
While that would be simple with an XML config, I can't figure out the way to add the equivalent of to the configuration of the security plugin. Any hints?
I am using Grails 3.2.9, and security plugin 3.1.1.

ActiveMQ plugin for Grails taking over SSL connections?

I'm using the ActiveMQ plugin for Grails (2.4.x) and it's messing with SSL connections. By messing with SSL connections I mean it's not allowing a client browser to connect to the Grails application using SSL.
Any attempt to connect to the SSL port (no matter what it's set to) for the web application results in ERR_SSL_PROTOCOL_ERROR being reported by the browser.
If I disable the plugin SSL works just fine.
I've reviewed the plugin source code and I don't see anything in there that should be doing this.
I'm at a complete and total loss and it's driving me mad. I'm not sure what other information I can provide to assist others in helping me but I'm hopeful that someone out there can point me to some kind of ActiveMQ setting that I can use to disable this odd behavior.
The included libraries from the plugin are as follows:
activemq-broker-5.10.1.jar
activemq-client-5.10.1.jar
activemq-jms-pool-5.10.1.jar
activemq-openwire-legacy-5.10.1.jar
activemq-pool-5.10.1.jar
activemq-spring-5.10.1.jar
As it turns out this is because Active MQ detects if the "Bouncy Castle" security provider is available on the classpath and will add it into the java.security.Security providers in the second position when it creates the broker.
Unfortunately there isn't an option within Active MQ to disable this feature, and it was discussed briefly in the JIRA and determined this wouldn't ever be an option.
Since this project also uses the crypto:2.0 plugin for Grails it was loading the Bouncy Castle security provider for the JVM. As a standalone this would be fine for Active MQ to do this, but when embedded into Tomcat this was causing issues with SSL. Not sure why exactly the Bouncy Castle provider wasn't handling SSL/TLS correctly, but adding the following to BootStrap.groovy removes it from the providers and fixes the issue.
java.security.Security.removeProvider('BC')
In this project we are using ActiveMQ within the virtual machine and have no need for any additional security providers for Active MQ to use for SSL connections since it won't be using them anyway.
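An added diagnostic script (not from the original post) for the provider-ordering problem described above: it shows which JCA provider is preferred for each TLS-related service, then applies the post's removeProvider('BC') fix only when BC is registered. The service list is an assumed sample.

```groovy
import java.security.Security

// Provider names for one JCA service, in the order the JVM will try them.
// Provider extends Properties (a Map), so call getName() explicitly:
// Groovy's ".name" would be treated as a map lookup and return null.
List<String> providersFor(String service) {
    def found = Security.getProviders(service)   // null if nothing implements it
    found ? found.collect { it.getName() } : []
}

// Services for which the named provider is ahead of every other provider.
List<String> servicesWonBy(String providerName, List<String> services) {
    services.findAll { String svc ->
        def order = providersFor(svc)
        order && order.first() == providerName
    }
}

// Assumed sample of services a container's TLS connector resolves via JCA.
def tlsServices = [
    'SSLContext.TLS', 'KeyManagerFactory.SunX509', 'TrustManagerFactory.PKIX',
    'KeyStore.JKS', 'KeyAgreement.ECDH', 'Signature.SHA256withRSA'
]

def all = Security.getProviders().collect { it.getName() }
println "Registered providers, in order: ${all}"
tlsServices.each { println "${it.padRight(28)} -> ${providersFor(it)}" }

if (Security.getProvider('BC') != null) {
    println "BC is at position ${all.indexOf('BC') + 1} and is preferred for: " +
            servicesWonBy('BC', tlsServices)
    // The fix from the post: drop BC so the JVM defaults serve TLS again.
    Security.removeProvider('BC')
    println "After removal: ${Security.getProviders().collect { it.getName() }}"
} else {
    println 'BC is not registered; provider order is the JVM default.'
}
```

Run it in the same JVM as the embedded broker (for example from BootStrap.groovy) so the output reflects the provider list after the broker has been created.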

How can I enable/disable Kerberos authentication in a Grails application with a single code base?

We have a product developed in Grails 1.3.7 that supports Kerberos and ADS/LDAP authentication. The application is deployed in different environments. Some deployments are running as SaaS. The SaaS deployments don't require Kerberos authentication. There is a dummy keytab file placed within the application and the same credentials are configured in the config.groovy as default to start the application without failing (if they are missing, the application will not start). This blog helped me a lot while integrating Kerberos.
The authentication is working fine in all cases. Some customers accessing the SaaS application from their intranet domain are complaining of extreme slowness (3-5 minutes) in the response after Kerberos integration. When they access from outside the domain, it seems to be pretty fast. Mostly they are using the IE browser. But when I tested the same from our domain, I don't see any issue. It loads in 5-7 seconds. So I am not sure if this is something related to their IE configuration or security policy?
Now I want to disable the Kerberos authentication in the application for specific deployments only. I don't want to keep two versions of the code. But I don't see any configuration with spring-security-kerberos plugin to do so.
Spring Security plugins used in the app are
spring-security-core=1.1.2
spring-security-kerberos=0.1
spring-security-ldap=1.0.5
Is it possible to enable/disable kerberos authentication for specific deployment alone or do I need to have 2 versions with and without kerberos?
Will any IE configuration help to solve this?
In the environments where you want to disable spring-security, just specify
grails.plugins.springsecurity.active = false
in your Config.groovy file, that is it.

Cannot create a session after the response has been committed - PrettyFaces MultiPageMessagesSupport on Glassfish4

I have a Java EE app where I use JSF2 + PrettyFaces + EJB3 + Glassfish
I just recently updated to Glassfish4 which is the default Server implementation for Java EE 7 and I started getting issues with PrettyFaces.
I have configured on my faces-config.xml:
<lifecycle>
<phase-listener>com.ocpsoft.pretty.faces.event.MultiPageMessagesSupport</phase-listener>
</lifecycle>
to enable for Faces Messages to be passed around correctly and displayed on screen.
But since I upgraded from Glassfish3 to 4 I started getting this issue:
java.lang.IllegalStateException: Cannot create a session after the response has been committed
...
at com.ocpsoft.pretty.faces.util.FacesMessagesUtils.saveMessages(FacesMessagesUtils.java:56)
at com.ocpsoft.pretty.faces.event.MultiPageMessagesSupport.afterPhase(MultiPageMessagesSupport.java:66)
If I remove the listener from faces-config.xml none of the Faces messages are displayed on screen.
I am using PrettyFaces to have nice well formatted URLs to enhance SEO on my site. I wish I didn't have to replace it or refactor my app to not use it since I already mapped a lot of the navigation flow using it. Does somebody know a better option for this scenario?
I really appreciate any suggestions. Thanks.
I don't recommend using MultiPageMessagesSupport if you are deploying to a "modern" container with JSF 2.2 support. The MultiPageMessagesSupport phase listener was developed for JSF 1.x. JSF 2.x added support for persisting messages across redirects. Just execute this code before redirecting:
FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(true);

Suggested Grails plugins to make Grails a good CMS option

We are trying to look for plugins for Grails to make a CMS site. Any suggestions?
Check out Weceem at
http://www.weceem.org/weceem/
I've never used it but apparently it can be used as a stand-alone site or integrated into an existing grails app as a plugin.
There is also an Alfresco plugin, though it's likely more focused on the document management side of Alfresco (it allows both Document Management and Web Content Management).
