Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GRAILSPLUGINS-2248 and GRAILSPLUGINS-2241
- Loading branch information
1 parent
d5dbe2f
commit 60882b8
Showing
2 changed files
with
43 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
30 changes: 30 additions & 0 deletions
30
...a/org/codehaus/groovy/grails/plugins/springsecurity/NullAuthenticationEventPublisher.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
package org.codehaus.groovy.grails.plugins.springsecurity; | ||
|
||
import org.springframework.security.authentication.AuthenticationEventPublisher; | ||
import org.springframework.security.core.Authentication; | ||
import org.springframework.security.core.AuthenticationException; | ||
|
||
/** | ||
* @author <a href='mailto:burt@burtbeckwith.com'>Burt Beckwith</a> | ||
*/ | ||
public class NullAuthenticationEventPublisher implements AuthenticationEventPublisher { | ||
|
||
/** | ||
* {@inheritDoc} | ||
* @see org.springframework.security.authentication.AuthenticationEventPublisher#publishAuthenticationFailure( | ||
* org.springframework.security.core.AuthenticationException, | ||
* org.springframework.security.core.Authentication) | ||
*/ | ||
public void publishAuthenticationFailure(AuthenticationException e, Authentication a) { | ||
// do nothing | ||
} | ||
|
||
/** | ||
* {@inheritDoc} | ||
* @see org.springframework.security.authentication.AuthenticationEventPublisher#publishAuthenticationSuccess( | ||
* org.springframework.security.core.Authentication) | ||
*/ | ||
public void publishAuthenticationSuccess(Authentication a) { | ||
// do nothing | ||
} | ||
} |
60882b8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couple of things
60882b8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The NullAuthenticationEventPublisher is required because the ProviderManager bean is configured separately from the event publisher. Doing it the way I did creates an 'authenticationEventPublisher' bean either way. So you have three options: don't use any events (useSecurityListener=false), use events the way I've configured them (useSecurityListener=true), or override the 'authenticationEventPublisher' bean in resources.groovy with a custom implementation.
This pattern is used throughout the plugin, where I create the same bean that Spring Security would have created by default, but by explicitly creating it as an injected named bean it can be overridden easily.
60882b8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. So, now i need to explicitly specify in the configuration (i.e, useSecurityListener=true) to receive events. I would expect events to be thrown by default and switched off if needed. Shouldn't this be the default behavior?
60882b8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, we came across one more issue.We were unable to receive UsernameNotFoundException exception as the field hideUserNotFoundExceptions is set to true by default in AbstractUserDetailsAuthenticationProvider.It would be great if you can make it configurable in the plugin :)
60882b8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please create an issue at http://jira.codehaus.org/browse/GRAILSPLUGINS and I'll get it into the next release. Until then you can override the bean in resources.groovy:
60882b8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup. We are currently overriding the resources.groovy. I've logged an issue as well. Thanks.