/
authorityGroupClass.gdoc
41 lines (29 loc) · 2.23 KB
/
authorityGroupClass.gdoc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
This Spring Security plugin provides you the option of creating an access inheritance level between 'person' and 'authority': the 'group'. The next three classes you will read about (including this one) are only used in a 'person'/'group'/'authority' implementation. Rather than giving a 'person' authorities directly, you can create a 'group', map authorities to it, and then map a 'person' to that 'group'. For applications that have a one or more groups of users who need the same level of access, having one or more 'group' instances makes managing changes to access levels easier because the authorities that make up that access level are encapsulated in the 'group', and a single change will affect all of the users.
Assuming you chose run the [s2-quickstart-groups|Scripts] script instead of the [s2-quickstart|Scripts] script and use @com.mycompany.myapp@ as your package and @Group@ and @Role@ as your class names, you'll generate this class:
{code}
package com.mycompany.myapp
class Group {
String name
static mapping = {
cache true
}
Set<Role> getAuthorities() {
GroupRole.findAllByGroup(this).collect { it.role } as Set
}
static constraints = {
name blank: false, unique: true
}
}
{code}
When running the [s2-quickstart-groups|Scripts] script the 'person' class will be generated a little differently to accommodate the use of groups. Assuming you use @com.mycompany.myapp@ as your package and @User@ and @Group@ as your class names, the @getAuthorities()@ method will be generated like so:
{code}
Set<Group> getAuthorities() {
UserGroup.findAllByUser(this).collect { it.group } as Set
}
{code}
The plugin assumes the attribute @authorities@ will provide the 'authority' collection for each class, but you can change the field names in @grails-app/conf/Config.groovy@. You also must ensure that the property @useRoleGroups@ is set to @true@ in order for @GormUserDetailsService@ to properly attain the @authorities@.
{table}
*Property* | *Default Value* | *Assigned Value Using s2QuickstartGroups* | *Meaning*
useRoleGroups | false | true | Use 'authority group' implementation when loading user authorities
authority.groupAuthorityNameField | null | 'authorities' | AuthorityGroup class role collection field
{table}