SpringOne 2GX Sample Apps - Spring Security Basic Auth Login

Posted by: Burt Beckwith on 2009-12-01 18:17:00.0

This is the third in a series of posts making the demo applications that I used for my SpringOne 2GX presentations available. I'll describe here how to create a Grails application using the Spring Security plugin that authenticates users with HTTP Basic Auth. This was used in the Demystifying Spring Security in Grails talk (you can download the presentation here).

Also refer to the plugin documentation for other tutorials here.


To create an application that authenticates users using HTTP Basic Auth, run

grails create-app springone2gx_basic
cd springone2gx_basic

To make classpath management simpler in Eclipse/STS I create a grails-app/conf/BuildConfig.groovy (in Grails 1.1 apps; in 1.2 this is done for you) with the line

grails.project.plugins.dir='plugins'

to keep plugins in the project root like in 1.0.x but this is optional.

Next install the plugin:

grails install-plugin acegi

Run the create-auth-domains script to generate the person, authority, and request map domain classes and also grails-app/conf/SecurityConfig.groovy:

grails create-auth-domains com.burtbeckwith.springone2gx.User com.burtbeckwith.springone2gx.Role com.burtbeckwith.springone2gx.Requestmap

The other two scripts that the plugin provides are optional and create CRUD pages (generate-manager) and basic user registration (generate-registration). It's a good idea to run generate-manager; run generate-registration if it's useful to you.

grails generate-manager

Unlike the previous two posts, we'll secure the application with Requestmap entries stored in the database, configured in grails-app/conf/SecurityConfig.groovy:

security {

   active = true

   loginUserDomainClass = 'com.burtbeckwith.springone2gx.User'
   authorityDomainClass = 'com.burtbeckwith.springone2gx.Role'
   requestMapClass = 'com.burtbeckwith.springone2gx.Requestmap'
}

In Eclipse or STS the steps to configure the classpath are:

  • add PLUGIN_DIR/src/groovy as a source folder
  • add PLUGIN_DIR/src/java as a source folder
  • add PLUGIN_DIR/grails-app/services as a source folder
  • add these jars from PLUGIN_DIR/lib
    • facebook-java-api-2.0.4.jar
    • jcifs-1.2.25.jar
    • spring-ldap-1.2.1.jar
    • spring-ldap-tiger-1.2.1.jar
    • spring-security-core-2.0.4.jar
    • spring-security-core-tiger-2.0.4.jar
    • spring-security-ntlm-2.0.4.jar
    • spring-security-openid-2.0.4.jar

Having done all that, let's create a secured controller:

grails create-controller secure

but we omit annotations since we're using Requestmaps:

class SecureController {

   def index = {
      render 'Secure access only'
   }
}

Let's create a user and a request map entry in BootStrap:

import com.burtbeckwith.springone2gx.Requestmap
import com.burtbeckwith.springone2gx.Role
import com.burtbeckwith.springone2gx.User

class BootStrap {

   def passwordEncoder

   def init = { servletContext ->

      def adminRole = new Role(description: 'Admin', authority: 'ROLE_ADMIN').save()
      String password = passwordEncoder.encodePassword('p4ssw0rd', null)
      def user = new User(username: 'admin', userRealName: 'me', passwd: password,
            enabled: true, email: '[email protected]').save()
      adminRole.addToPeople user

      new Requestmap(url: '/secure/**',
                     configAttribute: 'ROLE_ADMIN').save(flush: true)
   }

   def destroy = {}
}

Next let's configure Basic auth. We enable it with the basicProcessingFilter attribute and also need to set a realm name:

security {

   active = true

   loginUserDomainClass = 'com.burtbeckwith.springone2gx.User'
   authorityDomainClass = 'com.burtbeckwith.springone2gx.Role'
   requestMapClass = 'com.burtbeckwith.springone2gx.Requestmap'
   
   basicProcessingFilter = true
   realmName = 'springone2gx'
}

There's a small bug in the plugin (which will be fixed in the next release) that requires a tweak in grails-app/conf/spring/resources.groovy:

import org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint

beans = {
   
   authenticationEntryPoint(BasicProcessingFilterEntryPoint) {
      realmName = 'springone2gx'
   }
}

The realm name has to match the value specified in SecurityConfig.groovy.

Start the app using

grails run-app

and open http://localhost:8080/springone2gx_basic/secure/ in a browser. It should prompt you to log in with the familiar browser popup; use the username and password of the user created in BootStrap.
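The same check can be scripted instead of done in a browser. The following is an added example, not part of the original post or the plugin: it verifies that the 401 challenge carries the realm configured above and shows what the browser sends once you log in. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
EXPECTED_REALM='springone2gx'   # realmName from SecurityConfig.groovy

# Constructed sample (not captured from a real run) of the response headers
# an unauthenticated request to /springone2gx_basic/secure/ should produce.
SAMPLE_HEADERS='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="springone2gx"
Content-Length: 0'

# Print the status code from the first line of a header dump.
status_of() {
  printf '%s\n' "$1" | tr -d '\r' |
    sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p'
}

# Print the realm of a Basic challenge; prints nothing if there is none.
realm_of() {
  printf '%s\n' "$1" | tr -d '\r' |
    sed -n 's/^[Ww][Ww][Ww]-[Aa]uthenticate: *Basic realm="\([^"]*\)".*/\1/p' |
    head -n 1
}

# Succeed only for a 401 whose challenge carries the configured realm.
challenge_ok() {
  [ "$(status_of "$1")" = 401 ] && [ "$(realm_of "$1")" = "$EXPECTED_REALM" ]
}

# Build the Authorization header value a client sends for user:password.
basic_header() { printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64)"; }

# Recover user:password from that value: base64 is an encoding, not
# encryption, so anyone who can read the request can read the password.
decode_basic() { printf '%s' "${1#Basic }" | base64 -d; }

# Live check against a running app (URL in $1); requires curl.
check_live() {
  challenge_ok "$(curl -s -D - -o /dev/null "$1")" || return 1
  # A wrong password must be answered with 401 again, not with the page.
  code=$(curl -s -o /dev/null -w '%{http_code}' -u 'admin:wrong' "$1")
  [ "$code" = 401 ]
}

if [ $# -gt 0 ]; then
  if check_live "$1"; then echo 'challenge and rejection OK'
  else echo 'unexpected response'; fi
fi
```

Pass the URL of the secured page as the only argument to run the live check once grails run-app is up. Because the header decodes back to the plain password, serve Basic auth over HTTPS outside of a local demo.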


You can download a finished application based on this discussion here


About Burt Beckwith

Burt Beckwith is a Java developer with over ten years of experience in a variety of industries including biotech, travel, e-learning, social networking, and financial services. For the past two years he's been working with Grails and Groovy full-time. Along the way he's released five Grails plugins and is the primary developer of the Spring Security plugin. He was the technical editor for Grails in Action.
