adding license

aaronzirbes · Jan 9, 2012 · 1af7267 · 1af7267
1 parent 5c43c2d
commit 1af7267
Show file tree

Hide file tree

Showing 14 changed files with 817 additions and 2 deletions.
diff --git a/LICENSE.txt b/LICENSE.txt
diff --git a/SpringSecurityMockGrailsPlugin.groovy b/SpringSecurityMockGrailsPlugin.groovy
@@ -2,6 +2,23 @@ import edu.umn.auth.*
 import org.codehaus.groovy.grails.plugins.springsecurity.SecurityFilterPosition
 import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
 
+	/* 
+	 * Grails Spring Security Mock Plugin - Fake Authentication for Spring Security
+     * Copyright (C) 2012 Aaron J. Zirbes
+	 *
+     * This program is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or
+     * (at your option) any later version.
+	 *
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     * GNU General Public License for more details.
+	 *
+     * You should have received a copy of the GNU General Public License
+     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 */
 class SpringSecurityMockGrailsPlugin {
     // the plugin version
     def version = "0.9"

diff --git a/grails-app/conf/Config.groovy b/grails-app/conf/Config.groovy
@@ -22,3 +22,8 @@ log4j = {
 
     warn   'org.mortbay.log'
 }
+
+grails.doc.authors = 'Aaron J. Zirbes' 
+grails.doc.license = 'GNU General Public License v3' 
+grails.doc.title = 'Grails Spring Security Mock Plugin' 
+
diff --git a/grails-app/conf/DefaultMockSecurityConfig.groovy b/grails-app/conf/DefaultMockSecurityConfig.groovy
@@ -1,12 +1,15 @@
-
 security {
 	mock {
 		// Disabled by default
 		active = false
 
 		fullName = 'Fake User Account'
 		email = 'fake@example.org'
-		username = 'fake user'
+		username = 'fakeuser'
 		roles = [ 'ROLE_USER', 'ROLE_ADMIN' ]
 	}
 }
+
+// Suggested defaults
+// grails.springsecurity.ipRestrictions = [ '/**': ['127.0.0.0/8', '::1/128'] ]
+
diff --git a/src/docs/guide/1. Introduction.gdoc b/src/docs/guide/1. Introduction.gdoc
@@ -0,0 +1,9 @@
+The Mock plugin adds support for adding "mock" authentication to a Grails applications that uses Spring Security.  It depends on the Spring Security Core plugin.
+
+This is helpful when the spring security implementation is tied to localized infrastructure such as LDAP, CAS, Shibboleth, or something of the like.
+
+The username and roles mocked up by the plugin are configurable within your Config.groovy file.
+
+It is suggested that you restrict spring security to only allow access from localhost when using this plugin to prevent unwanted access to your application when authentication is being bypassed.
+
+It is recommended that you wrap the configuration settings for this pluggin to only load when in development, or possibly test mode.
diff --git a/src/docs/guide/1.1 History.gdoc b/src/docs/guide/1.1 History.gdoc
@@ -0,0 +1,2 @@
+* Version 0.9.0
+** Released January 9, 2012
diff --git a/src/docs/guide/2. Usage.gdoc b/src/docs/guide/2. Usage.gdoc
@@ -0,0 +1,30 @@
+{note}
+This plugin exposes a rather large security hole in your application.  It is HIGHLY recommended that you restrict access to your application to localhost when you are using this plugin, and that you only use this plugin in development mode.  This can be done with the [ipRestrictions|http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/18%20IP%20Address%20Restrictions.html] configuration parameter.
+{note}
+
+When this plugin is enabled, it automatically authenticates anyone using the application as a fake user with fake user roles as defined in Config.groovy.
+
+The recommended configuration settings are what follows:
+{code}
+development {
+	...
+	grails.plugins.springsecurity.mock.active = true
+	grails.plugins.springsecurity.mock.fullName = "Your name here"
+	grails.plugins.springsecurity.mock.email = "Your email address here"
+	grails.plugins.springsecurity.mock.username =  "your.username"
+	grails.plugins.springsecurity.mock.roles = [ 'ROLE_USER', 'ROLE_ADMIN', 'ROLE_WHATEVERELSE' ]
+	grails.plugins.springsecurity.ipRestrictions = [ '/**': ['127.0.0.0/8', '::1/128'] ]
+	...
+}
+{code}
+
+where "Your name here" is the name of the user, "Your email address here" is the email address of the user, "your.username" is the username of the user, and "roles" is a list of roles you wish to be assigned to the user that will be automatically logged into your grails application.
+
+h4. Remember
+This is a dangerous plugin.  You should only enable this plugin for development use.  The example above shows the configuration as being wrapped inside of the "development" closure in the Groovy.config file.
+
+In your staging and production environments, make sure to set
+{code}
+grails.plugins.springsecurity.mock.active = false
+{code}
+
diff --git a/src/docs/guide/3. Configuration.gdoc b/src/docs/guide/3. Configuration.gdoc
@@ -0,0 +1,24 @@
+There are a few configuration options for the "Mock" plugin.
+
+{note}
+This plugin exposes a rather large security hole in your application.  It is HIGHLY recommended that you restrict access to your application to localhost when you are using this plugin, and that you only use this plugin in development mode.  This can be done with the [ipRestrictions|http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/18%20IP%20Address%20Restrictions.html] configuration parameter.
+{note}
+
+{note}
+All of these property overrides must be specified in @grails-app/conf/Config.groovy@ using the @grails.plugins.springsecurity@ suffix, for example
+{code}
+grails.plugins.springsecurity.mock.username = 'aaronzirbes'
+{code}
+{note}
+
+
+
+{table}
+*Name* | *Default* | *Meaning*
+mock.active | @false@ | whether the plugin is enabled or not (e.g. to disable per-environment)
+mock.fullName | 'Fake User Account' | the full name of the mock user being automatically logged in
+mock.email | 'fake@example.org'  | the email address of the mock user being automatically logged in
+mock.username | 'fakeuser' | the username of the mock user being automatically logged in
+mock.roles | [ 'ROLE_USER', 'ROLE_ADMIN' ] | a collection of roles that will be automatically assigned to the mock user being auto-logged in to your application
+{table}
+
diff --git a/src/groovy/edu/umn/auth/MockAuthenticationEntryPoint.groovy b/src/groovy/edu/umn/auth/MockAuthenticationEntryPoint.groovy
@@ -8,6 +8,23 @@ import org.apache.log4j.Logger
 import org.springframework.beans.factory.InitializingBean
 import org.springframework.security.core.AuthenticationException
 import org.springframework.security.web.AuthenticationEntryPoint
+	/* 
+	 * Grails Spring Security Mock Plugin - Fake Authentication for Spring Security
+     * Copyright (C) 2012 Aaron J. Zirbes
+	 *
+     * This program is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or
+     * (at your option) any later version.
+	 *
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     * GNU General Public License for more details.
+	 *
+     * You should have received a copy of the GNU General Public License
+     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 */
 
 /**
  * Processes a mock login request for spring security

diff --git a/src/groovy/edu/umn/auth/MockAuthenticationProvider.groovy b/src/groovy/edu/umn/auth/MockAuthenticationProvider.groovy
@@ -10,6 +10,23 @@ import org.springframework.security.core.authority.GrantedAuthorityImpl
 import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.security.web.util.IpAddressMatcher
 import org.springframework.util.Assert
+	/* 
+	 * Grails Spring Security Mock Plugin - Fake Authentication for Spring Security
+     * Copyright (C) 2012 Aaron J. Zirbes
+	 *
+     * This program is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or
+     * (at your option) any later version.
+	 *
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     * GNU General Public License for more details.
+	 *
+     * You should have received a copy of the GNU General Public License
+     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 */
 
 /**
  * An {@link AuthenticationProvider} implementation that mocks

diff --git a/src/groovy/edu/umn/auth/MockUserDetailsService.groovy b/src/groovy/edu/umn/auth/MockUserDetailsService.groovy
@@ -9,6 +9,23 @@ import org.springframework.security.core.userdetails.AuthenticationUserDetailsSe
 import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.core.userdetails.UsernameNotFoundException
+	/* 
+	 * Grails Spring Security Mock Plugin - Fake Authentication for Spring Security
+     * Copyright (C) 2012 Aaron J. Zirbes
+	 *
+     * This program is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or
+     * (at your option) any later version.
+	 *
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     * GNU General Public License for more details.
+	 *
+     * You should have received a copy of the GNU General Public License
+     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 */
 
 /**
  * Class to load user details from the Config.groovy configuration file

diff --git a/src/java/edu/umn/auth/MockAuthenticationFilter.java b/src/java/edu/umn/auth/MockAuthenticationFilter.java
@@ -7,6 +7,23 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.util.Assert;
+	/* 
+	 * Grails Spring Security Mock Plugin - Fake Authentication for Spring Security
+     * Copyright (C) 2012 Aaron J. Zirbes
+	 *
+     * This program is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or
+     * (at your option) any later version.
+	 *
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     * GNU General Public License for more details.
+	 *
+     * You should have received a copy of the GNU General Public License
+     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 */
 
 /**
  * Processes a {@link MockAuthenticationToken}, and authenticates via Mock authenticator

diff --git a/src/java/edu/umn/auth/MockAuthenticationToken.java b/src/java/edu/umn/auth/MockAuthenticationToken.java
@@ -5,6 +5,23 @@
 import java.util.Collection;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+	/* 
+	 * Grails Spring Security Mock Plugin - Fake Authentication for Spring Security
+     * Copyright (C) 2012 Aaron J. Zirbes
+	 *
+     * This program is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or
+     * (at your option) any later version.
+	 *
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     * GNU General Public License for more details.
+	 *
+     * You should have received a copy of the GNU General Public License
+     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 */
 
 /**
 	An {@link Authentication} object used to load with the Mock

diff --git a/src/java/edu/umn/auth/MockUserDetails.java b/src/java/edu/umn/auth/MockUserDetails.java
@@ -3,6 +3,23 @@
 import java.util.Collection;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.User;
+	/* 
+	 * Grails Spring Security Mock Plugin - Fake Authentication for Spring Security
+     * Copyright (C) 2012 Aaron J. Zirbes
+	 *
+     * This program is free software: you can redistribute it and/or modify
+     * it under the terms of the GNU General Public License as published by
+     * the Free Software Foundation, either version 3 of the License, or
+     * (at your option) any later version.
+	 *
+     * This program is distributed in the hope that it will be useful,
+     * but WITHOUT ANY WARRANTY; without even the implied warranty of
+     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     * GNU General Public License for more details.
+	 *
+     * You should have received a copy of the GNU General Public License
+     * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 */
 
 /**
  * User details for use by the Mock security plugin