
whitespace

1 parent e1f7fcd commit 4537a702a623916d5072af520ba7370e405a6ddf @burtbeckwith burtbeckwith committed Jul 30, 2011
Showing with 42 additions and 87 deletions.
  1. +1 −1 grails-app/conf/BuildConfig.groovy
  2. +1 −1 grails-app/domain/test/TestPersistentLogin.groovy
  3. +1 −1 scripts/CreateS2TestApps.groovy
  4. +1 −1 scripts/S2CreatePersistentToken.groovy
  5. +1 −1 scripts/_S2Common.groovy
  6. +2 −3 src/docs/guide/1.1 Configuration Settings Now in Config.groovy.gdoc
  7. +2 −2 src/docs/guide/1.2 Getting Started.gdoc
  8. +5 −6 src/docs/guide/10 Authentication Providers.gdoc
  9. +0 −1 src/docs/guide/11 Custom UserDetailsService.gdoc
  10. +0 −2 src/docs/guide/12 Password and Account Protection.gdoc
  11. +0 −2 src/docs/guide/12.1 Password Encryption.gdoc
  12. +0 −4 src/docs/guide/13 URL Properties.gdoc
  13. +1 −2 src/docs/guide/14 Hierarchical Roles.gdoc
  14. +0 −1 src/docs/guide/15 Switch User.gdoc
  15. +5 −5 src/docs/guide/16 Filters.gdoc
  16. +1 −2 src/docs/guide/17 Channel Security.gdoc
  17. +0 −1 src/docs/guide/18 IP Address Restrictions.gdoc
  18. +1 −2 src/docs/guide/19 Session Fixation Prevention.gdoc
  19. +1 −3 src/docs/guide/2 Differences Between the Spring Security and Acegi Plugins.gdoc
  20. +1 −3 src/docs/guide/20 Logout Handlers.gdoc
  21. +0 −2 src/docs/guide/21 Voters.gdoc
  22. +1 −4 src/docs/guide/22 Miscellaneous Properties.gdoc
  23. +0 −1 src/docs/guide/23 Tutorials.gdoc
  24. +0 −1 src/docs/guide/24 Controller MetaClass Methods.gdoc
  25. +1 −1 src/docs/guide/25 Internationalization.gdoc
  26. +0 −1 src/docs/guide/4.1 Person Class.gdoc
  27. +0 −1 src/docs/guide/4.2 Authority Class.gdoc
  28. +5 −6 src/docs/guide/4.3 PersonAuthority Class.gdoc
  29. +0 −1 src/docs/guide/5 Configuring Request Mappings to Secure URLs.gdoc
  30. +0 −1 src/docs/guide/5.1 Defining Secured Annotations.gdoc
  31. +0 −1 src/docs/guide/5.2 Simple Map in Config.groovy.gdoc
  32. +0 −1 src/docs/guide/5.3 Requestmap Instances Stored in the Database.gdoc
  33. +0 −1 src/docs/guide/5.4 Using Expressions to Create Descriptive, Fine-Grained Rules.gdoc
  34. +0 −1 src/docs/guide/6.3 SpringSecurityUtils.gdoc
  35. +0 −3 src/docs/guide/7 Events.gdoc
  36. +0 −1 src/docs/guide/7.1 Event Notification.gdoc
  37. +0 −1 src/docs/guide/7.2 Registering an Event Listener.gdoc
  38. +0 −1 src/docs/guide/7.3 Registering Callback Closures.gdoc
  39. +1 −1 src/docs/guide/8 User, Authority (Role), and Requestmap Properties.gdoc
  40. +0 −1 src/docs/guide/9.1 Basic and Digest Authentication.gdoc
  41. +0 −1 src/docs/guide/9.4 Ajax Authentication.gdoc
  42. +0 −1 src/docs/ref/Scripts/s2-quickstart.gdoc
  43. +1 −1 src/java/org/codehaus/groovy/grails/plugins/springsecurity/GrailsUser.java
  44. +1 −1 src/templates/LoginController.groovy.template
  45. +1 −1 src/templates/PersistentLogin.groovy.template
  46. +1 −1 src/templates/Person.groovy.template
  47. +2 −2 ...rails/plugins/springsecurity/ChannelFilterInvocationSecurityMetadataSourceFactoryBeanTests.groovy
  48. +1 −1 test/unit/org/codehaus/groovy/grails/plugins/springsecurity/FakeApplication.groovy
  49. +1 −1 webtest/README
  50. +1 −1 webtest/projectFiles/TestUserController_usingSalt_groovy
  51. +1 −1 webtest/tests/RequestmapSecurityTest.groovy
2 grails-app/conf/BuildConfig.groovy
@@ -21,7 +21,7 @@ grails.project.dependency.resolution = {
compile('org.springframework.security:spring-security-core:3.0.5.RELEASE') {
transitive = false
}
-
+
compile('org.springframework.security:spring-security-web:3.0.5.RELEASE') {
transitive = false
}
2 grails-app/domain/test/TestPersistentLogin.groovy
@@ -26,7 +26,7 @@ class TestPersistentLogin {
token maxSize: 64
id maxSize: 64
}
-
+
static transients = ['series']
void setSeries(String series) { id = series }
2 scripts/CreateS2TestApps.groovy
@@ -196,7 +196,7 @@ private void init(String name, config) {
projectDir = config.projectDir
appName = 'spring-security-core-test-' + name
testprojectRoot = "$projectDir/$appName"
-
+
grailsVersion = config.grailsVersion
dotGrails = config.dotGrails + '/' + grailsVersion
}
2 scripts/S2CreatePersistentToken.groovy
@@ -46,7 +46,7 @@ private boolean configure() {
String packageName
String className
(packageName, className) = splitClassName(fullClassName)
-
+
String packageDeclaration = ''
if (packageName) {
packageDeclaration = "package $packageName"
2 scripts/_S2Common.groovy
@@ -85,7 +85,7 @@ splitClassName = { String fullName ->
packageName = fullName[0..index-1]
className = fullName[index+1..-1]
}
- else {
+ else {
packageName = ''
className = fullName
}
5 src/docs/guide/1.1 Configuration Settings Now in Config.groovy.gdoc
@@ -1,14 +1,13 @@
-Unlike the Acegi plugin, which used its own configuration file, @SecurityConfig.groovy@, the Spring Security plugin maintains its configuration in the standard @Config.groovy@ file. Default values are in the plugin's @grails-app/conf/DefaultSecurityConfig.groovy@ file, and you add application-specific values to the @grails-app/conf/Config.groovy@ file. The two configurations will be merged, with application values overriding the defaults.
+Unlike the Acegi plugin, which used its own configuration file, @SecurityConfig.groovy@, the Spring Security plugin maintains its configuration in the standard @Config.groovy@ file. Default values are in the plugin's @grails-app/conf/DefaultSecurityConfig.groovy@ file, and you add application-specific values to the @grails-app/conf/Config.groovy@ file. The two configurations will be merged, with application values overriding the defaults.
This structure enables environment-specific configuration such as, for example, fewer structure-restrictive security rules during development than in production. Like any environment-specific configuration parameters, you wrap them in an @environments@ block.
{note}
-The plugin's configuration values all start with @grails.plugins.springsecurity@ to distinguish them from similarly named options in Grails and from other plugins. You must specify all property overrides with the @grails.plugins.springsecurity@ suffix. For example, you specify the attribute @password.algorithm@ as:
+The plugin's configuration values all start with @grails.plugins.springsecurity@ to distinguish them from similarly named options in Grails and from other plugins. You must specify all property overrides with the @grails.plugins.springsecurity@ suffix. For example, you specify the attribute @password.algorithm@ as:
{code}
grails.plugins.springsecurity.password.algorithm='SHA-512'
{code}
in @Config.groovy@
{note}
-
4 src/docs/guide/1.2 Getting Started.gdoc
@@ -1,6 +1,6 @@
-If you will be migrating from the Acegi to the Spring Security plugin, see [Migrating from the Acegi Plugin|guide:3 Migrating from the Acegi Plugin].
+If you will be migrating from the Acegi to the Spring Security plugin, see [Migrating from the Acegi Plugin|guide:3 Migrating from the Acegi Plugin].
-Once you install the plugin, you simply run the initialization script, [s2-quickstart|Scripts], and make any required configuration changes in @Config.groovy@. The plugin registers filters in @web.xml@, and also configures the Spring beans in the application context that implement various pieces of functionality. Ivy determines which jar files to use.
+Once you install the plugin, you simply run the initialization script, [s2-quickstart|Scripts], and make any required configuration changes in @Config.groovy@. The plugin registers filters in @web.xml@, and also configures the Spring beans in the application context that implement various pieces of functionality. Ivy determines which jar files to use.
To get started using the Spring Security plugin with your Grails application, see [Tutorials|guide:23 Tutorials].
11 src/docs/guide/10 Authentication Providers.gdoc
@@ -1,4 +1,4 @@
-The plugin registers authentication providers that perform authentication by implementing the [AuthenticationProvider|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/AuthenticationProvider.html] interface.
+The plugin registers authentication providers that perform authentication by implementing the [AuthenticationProvider|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/AuthenticationProvider.html] interface.
{table}
*Property* | *Default Value* | *Meaning*
@@ -20,9 +20,8 @@ beans = {
You register the provider in @grails-app/conf/Config.groovy@ as:
{code}
-grails.plugins.springsecurity.providerNames = ['myAuthenticationProvider',
- 'anonymousAuthenticationProvider',
- 'rememberMeAuthenticationProvider']
+grails.plugins.springsecurity.providerNames = [
+ 'myAuthenticationProvider',
+ 'anonymousAuthenticationProvider',
+ 'rememberMeAuthenticationProvider']
{code}
-
-
1 src/docs/guide/11 Custom UserDetailsService.gdoc
@@ -106,4 +106,3 @@ class MyController {
}
}
{code}
-
2 src/docs/guide/12 Password and Account Protection.gdoc
@@ -1,3 +1 @@
The sections that follow discuss approaches to protecting passwords and user accounts.
-
-
2 src/docs/guide/12.1 Password Encryption.gdoc
@@ -5,5 +5,3 @@ The table shows configurable password encryption attributes.
password.algorithm | 'SHA-256' | passwordEncoder Message Digest algorithm. See [this page|http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA] for options.
password.encodeHashAsBase64 | @false@ | If @true@, Base64-encode the hashed password.
{table}
-
-
4 src/docs/guide/13 URL Properties.gdoc
@@ -29,7 +29,3 @@ ajaxHeader | 'X-Requested-With' | Header name sent by Ajax library, used to dete
redirectStrategy.contextRelative | @false@ | If @true@, the redirect URL will be the value after the request context path. This results in the loss of protocol information (HTTP or HTTPS), so causes problems if a redirect is being performed to change from HTTP to HTTPS or vice versa.
switchUser URLs | | See [Switch User|guide:15 Switch User], under *Customizing URLs*.
{table}
-
-
-
-
3 src/docs/guide/14 Hierarchical Roles.gdoc
@@ -3,7 +3,7 @@ Hierarchical roles are a convenient way to reduce clutter in your request mappin
{table}
*Property* | *Default Value* | *Meaning*
roleHierarchy | none | Hierarchical role definition.
-{table}
+{table}
For example, if you have several types of 'admin' roles that can be used to access a URL pattern and you do not use hierarchical roles, you need to specify all the admin roles:
@@ -47,4 +47,3 @@ class SomeController {
{code}
You can also reduce the number of granted roles in the database. Where previously you had to grant @ROLE_SUPERADMIN@, @ROLE_FINANCE_ADMIN@, and @ROLE_ADMIN@, now you only need to grant @ROLE_SUPERADMIN@.
-
1 src/docs/guide/15 Switch User.gdoc
@@ -100,4 +100,3 @@ Logged in as <sec:username/>
</sec:ifAllGranted>
</sec:ifNotSwitched>
{code}
-
10 src/docs/guide/16 Filters.gdoc
@@ -1,10 +1,10 @@
-There are a few different approaches to configuring filter chain(s).
+There are a few different approaches to configuring filter chain(s).
h4. Default Approach to Configuring Filter Chains
The default is to use configuration attributes to determine which extra filters to use (for example, Basic Auth, Switch User, etc.) and add these to the 'core' filters. For example, setting @grails.plugins.springsecurity.useSwitchUserFilter = true@ adds @switchUserProcessingFilter@ to the filter chain (and in the correct order). The filter chain built here is applied to all URLs. If you need more flexibility, you can use @filterChain.chainMap@ as discussed in *chainMap* below.
h4. filterNames
-To define custom filters, to remove a core filter from the chain (not recommended), or to otherwise have control over the filter chain, you can specify the @filterNames@ property as a list of strings. As with the default approach, the filter chain built here is applied to all URLs.
+To define custom filters, to remove a core filter from the chain (not recommended), or to otherwise have control over the filter chain, you can specify the @filterNames@ property as a list of strings. As with the default approach, the filter chain built here is applied to all URLs.
For example:
@@ -16,10 +16,10 @@ grails.plugins.springsecurity.filterChain.filterNames = [
]
{code}
-This example creates a filter chain corresponding to the Spring beans with the specified names.
+This example creates a filter chain corresponding to the Spring beans with the specified names.
h4. chainMap
-Use the @filterChain.chainMap@ attribute to define which filters are applied to different URL patterns. You define a Map that specifies one or more lists of filter bean names, each with a corresponding URL pattern.
+Use the @filterChain.chainMap@ attribute to define which filters are applied to different URL patterns. You define a Map that specifies one or more lists of filter bean names, each with a corresponding URL pattern.
{code}
grails.plugins.springsecurity.filterChain.chainMap = [
@@ -67,7 +67,7 @@ class BootStrap {
SpringSecurityUtils.clientRegisterFilter(
'myFilter', SecurityFilterPosition.OPENID_FILTER.order + 10)
}
-}
+}
{code}
This bootstrap code registers your filter just after the Open ID filter (if it's configured). You cannot register a filter in the same position as another, so it's a good idea to add a small delta to its position to put it after or before a filter that it should be next to in the chain. The Open ID filter position is just an example - add your filter in the position that makes sense.
3 src/docs/guide/17 Channel Security.gdoc
@@ -1,4 +1,4 @@
-Use channel security to configure which URLs require HTTP and which require HTTPS.
+Use channel security to configure which URLs require HTTP and which require HTTPS.
{table}
*Property* | *Default Value* | *Meaning*
@@ -19,4 +19,3 @@ grails.plugins.springsecurity.secureChannel.definition = [
{code}
URLs are checked in order, so be sure to put more specific rules before less specific. In the preceding example, @/images/login/\*\*@ is more specific than @/images/\*\*@, so it appears first in the configuration.
-
1 src/docs/guide/18 IP Address Restrictions.gdoc
@@ -24,4 +24,3 @@ All addresses can always be accessed from localhost regardless of IP pattern, pr
{note}
You cannot compare IPv4 and IPv6 addresses, so if your server supports both, you need to specify the IP patterns using the address format that is actually being used. Otherwise the filter throws exceptions. One option is to set the @java.net.preferIPv4Stack@ system property, for example, by adding it to @JAVA_OPTS@ or @GRAILS_OPTS@ as @-Djava.net.preferIPv4Stack=true@.
{note}
-
3 src/docs/guide/19 Session Fixation Prevention.gdoc
@@ -11,9 +11,8 @@ Session fixation is less of a problem now that Grails by default does not includ
The table shows configuration options for session fixation.
{table}
-*Property* | *Default Value* | *Meaning*
+*Property* | *Default Value* | *Meaning*
useSessionFixationPrevention | @false@ | Whether to use session fixation prevention.
sessionFixationPrevention.migrate | @true@ | Whether to copy the session attributes of the existing session to the new session after login.
sessionFixationPrevention.alwaysCreateSession | @false@ | Whether to always create a session even if one did not exist at the start of the request.
{table}
-
4 src/docs/guide/2 Differences Between the Spring Security and Acegi Plugins.gdoc
@@ -39,9 +39,8 @@ h4. Script Differences
To initialize the Acegi plugin, you run @create-auth-domains@. This initialization creates @grails-app/conf/SecurityConfig.groovy@ to allow configuration customization; creates the User, Role, and Requestmap domain classes; and creates the Login and Logout controllers and views. Another Acegi script, @generate-manager@, creates CRUD pages for the domain classes. (The earlier version of Grails did not scaffold many-to-many relationships well, so these GSPs were necessary.)In addition, a @generate-registration@ script installs a basic user registration controller.
-
The Spring Security plugin uses only one script, [s2-quickstart|Scripts]. It is similar to @create-auth-domains@ because it creates domain classes and login and logout bcontrollers, but it appends files to @grails-app/conf/Config.groovy@ instead of creating a standalone configuration file. There is no equivalent to @generate-manager@ or @generate-registration@ because an optional UI plugin generates domain class management screens, an admin console, and forgot password and registration workflows. If you want to create your own CRUD pages, you can use the standard Grails @generate-all@ script. Various sections of this documentation discuss required changes to the generated source files, for example, encrypting passwords before saving or updating a user.
-
+
h4. UserDetails Differences
The Acegi plugin extends the @UserDetails@ instance and adds an accessor for the person domain class instance that is used to populate the @UserDetails@. Because the @Authentication@ is kept in the HTTP session and the @UserDetails@ is attached to that, it is easy to access non-security data such as full name, email, and so on without hitting the database.
@@ -66,4 +65,3 @@ person = Person.get(userDetails.id)
The preceding approach works because the @UserDetails@ implementation is an instance of @org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser@, which extends the standard Spring Security [User|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/User.html] and adds a @getId()@ method.
You can further extend this class if you want to store more data along with the authentication to avoid database access. See [Custom UserDetailsService|guide:11 Custom UserDetailsService].
-
4 src/docs/guide/20 Logout Handlers.gdoc
@@ -2,7 +2,7 @@ You register a list of logout handlers by implementing the [LogoutHandler|http:/
By default, a @securityContextLogoutHandler@ bean is registered to clear the [SecurityContextHolder|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/context/SecurityContextHolder.html]. Also, unless you are using Facebook or OpenID, @rememberMeServices@ bean is registered to reset your cookie. (Facebook and OpenID authenticate externally so we don't have access to the password to create a remember-me cookie.) If you are using Facebook, a @facebookLogoutHandler@ is registered to reset its session cookies.
-To customize this list, you define a @logout.handlerNames@ attribute with a list of bean names.
+To customize this list, you define a @logout.handlerNames@ attribute with a list of bean names.
{table}
*Property* | *Default Value* | *Meaning*
@@ -26,5 +26,3 @@ grails.plugins.springsecurity.logout.handlerNames = [
'rememberMeServices', 'securityContextLogoutHandler', 'myLogoutHandler'
]
{code}
-
-
2 src/docs/guide/21 Voters.gdoc
@@ -24,5 +24,3 @@ grails.plugins.springsecurity.voterNames = [
'authenticatedVoter', 'roleVoter', 'myAccessDecisionVoter'
]
{code}
-
-
5 src/docs/guide/22 Miscellaneous Properties.gdoc
@@ -1,5 +1,3 @@
-
-
{table}
*Property* | *Default Value* | *Meaning*
active | @true@ | Whether the plugin is enabled.
@@ -23,6 +21,5 @@ controllerAnnotations.matcher | 'ant' | Use an Ant-style URL matcher ('ant') or
controllerAnnotations.lowercase | @true@ | Whether to do URL comparisons using lowercase.
controllerAnnotations.staticRules | none | Extra rules that cannot be mapped using annotations.
interceptUrlMap | none | Request mapping definition when using "InterceptUrlMap". See [Simple Map in Config.groovy|guide:5.2 Simple Map in Config.groovy].
-registerLoggerListener | @false@ | If @true@, registers a [LoggerListener|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/access/event/LoggerListener.html] that logs interceptor-related application events.
+registerLoggerListener | @false@ | If @true@, registers a [LoggerListener|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/access/event/LoggerListener.html] that logs interceptor-related application events.
{table}
-
1 src/docs/guide/23 Tutorials.gdoc
@@ -1 +0,0 @@
-
1 src/docs/guide/24 Controller MetaClass Methods.gdoc
@@ -76,4 +76,3 @@ class MyController {
}
}
{code}
-
2 src/docs/guide/25 Internationalization.gdoc
@@ -23,4 +23,4 @@ springSecurity.login.password.label | Password
springSecurity.login.remember.me.label | Remember me
springSecurity.denied.title | Denied
springSecurity.denied.message | Sorry, you're not authorized to view this page.
-{table}
+{table}
1 src/docs/guide/4.1 Person Class.gdoc
@@ -76,4 +76,3 @@ userLookup.accountLockedPropertyName | 'accountLocked' | User class account lock
userLookup.passwordExpiredPropertyName | 'passwordExpired' | User class password expired field
userLookup.authorityJoinClassName | 'PersonAuthority' | User/Role many-many join class name
{table}
-
1 src/docs/guide/4.2 Authority Class.gdoc
@@ -29,4 +29,3 @@ The class and property names are configurable using these configuration attribut
authority.className | 'Authority' | Role class name
authority.nameField | 'authority' | Role class role name field
{table}
-
11 src/docs/guide/4.3 PersonAuthority Class.gdoc
@@ -39,12 +39,12 @@ class UserRole implements Serializable {
static boolean remove(User user, Role role, boolean flush = false) {
UserRole instance = UserRole.findByUserAndRole(user, role)
- if (!instance) {
- return false
- }
+ if (!instance) {
+ return false
+ }
- instance.delete(flush: flush)
- true
+ instance.delete(flush: flush)
+ true
}
static void removeAll(User user) {
@@ -96,4 +96,3 @@ The class name is the only configurable attribute:
*Property* | *Default Value* | *Meaning*
userLookup.authorityJoinClassName | 'PersonAuthority' | User/Role many-many join class name
{table}
-
1 src/docs/guide/5 Configuring Request Mappings to Secure URLs.gdoc
@@ -37,4 +37,3 @@ Each approach has its advantages and disadvantages. Annotations and the @Config.
On the other hand, storing @Requestmap@ entries enables runtime-configurability. This approach gives you a core set of rules populated at application startup that you can edit, add to, and delete as needed. However, it separates the security rules from the application code, which is less convenient than having the rules defined in @grails-app/conf/Config.groovy@ or in the applicable controllers using annotations.
URLs must be mapped in lowercase if you use the @Requestmap@ or @grails-app/conf/Config.groovy@ map approaches. For example, if you have a FooBarController, its urls will be of the form /fooBar/list, /fooBar/create, and so on, but these must be mapped as /foobar/, /foobar/list, /foobar/create. This mapping is handled automatically for you if you use annotations.
-
1 src/docs/guide/5.1 Defining Secured Annotations.gdoc
@@ -76,4 +76,3 @@ This example maps all URLs associated with @SomePluginController@, which has URL
{note}
When mapping URLs for controllers that are mapped in @UrlMappings.groovy@, you need to secure the un-url-mapped URLs. For example if you have a FooBarController that you map to @/foo/bar/$action@, you must register that in @controllerAnnotations.staticRules@ as @/foobar/\*\*@. This is different than the mapping you would use for the other two approaches and is necessary because @controllerAnnotations.staticRules@ entries are treated as if they were annotations on the corresponding controller.
{note}
-
1 src/docs/guide/5.2 Simple Map in Config.groovy.gdoc
@@ -32,4 +32,3 @@ then this would fail - it wouldn't restrict access to @/secure/reallysecure/list
'/secure/reallysecure/**': ['ROLE_SUPERUSER']
'/secure/**': ['ROLE_ADMIN', 'ROLE_SUPERUSER'],
{code}
-
1 src/docs/guide/5.3 Requestmap Instances Stored in the Database.gdoc
@@ -51,4 +51,3 @@ class RequestmapController {
}
}
{code}
-
1 src/docs/guide/5.4 Using Expressions to Create Descriptive, Fine-Grained Rules.gdoc
@@ -71,4 +71,3 @@ To help you migrate traditional configurations to expressions, this table compar
@IS_AUTHENTICATED_REMEMBERED@ | @isAnonymous() or isRememberMe()@
@IS_AUTHENTICATED_FULLY@ | @isFullyAuthenticated()@
{table}
-
1 src/docs/guide/6.3 SpringSecurityUtils.gdoc
@@ -49,4 +49,3 @@ h4. doWithAuth()
Executes a Closure with the current authentication. The one-parameter version which takes just a Closure assumes that there's an authentication in the HTTP Session and that the Closure is running in a separate thread from the web request, so the @SecurityContext@ and @Authentication@ aren't available to the standard @ThreadLocal@. This is primarily of use when you explicitly launch a new thread from a controller action or service called in request scope, not from a Quartz job which isn't associated with an authentication in any thread.
The two-parameter version takes a Closure and a username to authenticate as. This is will authenticate as the specified user and execute the closure with that authentication. It restores the authentication to the one that was active if it exists, or clears the context otherwise. This is similar to run-as and switch-user but is only local to the Closure.
-
3 src/docs/guide/7 Events.gdoc
@@ -1,4 +1 @@
Spring Security fires application events after various security-related actions such as successful login, unsuccessful login, and so on. Spring Security uses two main event classes, [AbstractAuthenticationEvent|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/event/AbstractAuthenticationEvent.html] and [AbstractAuthorizationEvent|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/access/event/AbstractAuthorizationEvent.html].
-
-
-
1 src/docs/guide/7.1 Event Notification.gdoc
@@ -28,4 +28,3 @@ ProviderNotFoundException | AuthenticationFailureProviderNotFoundEvent
This holds for all exceptions except @UsernameNotFoundException@ which triggers an @AuthenticationFailureBadCredentialsEvent@ just like a @BadCredentialsException@. This is a good idea since it doesn't expose extra information - there's no differentiation between a bad password and a missing user. In addition, by default a missing user will trigger a @BadCredentialsException@ for the same reasons. You can configure Spring Security to re-throw the original @UsernameNotFoundException@ instead of converting it to a @BadCredentialsException@ by setting @grails.plugins.springsecurity.dao.hideUserNotFoundExceptions = false@ in @grails-app/conf/Config.groovy@.
Fortunately all subclasses of [AbstractAuthenticationFailureEvent|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/event/AbstractAuthenticationFailureEvent.html] have a @getException()@ method that gives you access to the exception that triggered the event, so you can use that to differentiate between a bad password and a missing user (if @hideUserNotFoundExceptions=false@).
-
1 src/docs/guide/7.2 Registering an Event Listener.gdoc
@@ -23,4 +23,3 @@ beans = {
mySecurityEventListener(MySecurityEventListener)
}
{code}
-
1 src/docs/guide/7.3 Registering Callback Closures.gdoc
@@ -29,4 +29,3 @@ grails.plugins.springsecurity.onAuthorizationEvent = { e, appCtx ->
None of these closures are required; if none are configured, nothing will be called. Just implement the event handlers that you need.
*Note:* When a user authenticates, Spring Security initially fires an @AuthenticationSuccessEvent@. This event fires before the @Authentication@ is registered in the @SecurityContextHolder@, which means that the @springSecurityService@ methods that access the logged-in user will not work. Later in the processing a second event is fired, an @InteractiveAuthenticationSuccessEvent@, and when this happens the @SecurityContextHolder@ will have the @Authentication@. Depending on your needs, you can implement a callback for either or both events.
-
2 src/docs/guide/8 User, Authority (Role), and Requestmap Properties.gdoc
@@ -16,4 +16,4 @@ authority.nameField | 'authority' | Role class role name field.
requestMap.className | 'Requestmap' | Requestmap class name.
requestMap.urlField | 'url' | Requestmap class URL pattern field.
requestMap.configAttributeField | 'configAttribute' | Requestmap class role/token field.
-{table}
+{table}
1 src/docs/guide/9.1 Basic and Digest Authentication.gdoc
@@ -51,4 +51,3 @@ grails.plugins.springsecurity.digest.realmName = "Ralph's Bait and Tackle"
{code}
Digest authentication cannot be applied to a subset of URLs like Basic authentication can. This is due to the password encoding issues. So you cannot use the @chainMap@ attribute here - all URLs will be guarded.
-
1 src/docs/guide/9.4 Ajax Authentication.gdoc
@@ -248,4 +248,3 @@ def authAjax = {
{code}
and this requires an import for @javax.servlet.http.HttpServletResponse@.
-
1 src/docs/ref/Scripts/s2-quickstart.gdoc
@@ -23,4 +23,3 @@ h2. Description
** @grails-app/views/login/denied.gsp@ - shows a 403 error page
** @grails-app/controllers/LoginController.groovy@ - manages login workflow
** @grails-app/controllers/LogoutController.groovy@ - logs users out of the application
-
2 src/java/org/codehaus/groovy/grails/plugins/springsecurity/GrailsUser.java
@@ -33,7 +33,7 @@
/**
* Constructor.
- *
+ *
* @param username the username presented to the
* <code>DaoAuthenticationProvider</code>
* @param password the password that should be presented to the
2 src/templates/LoginController.groovy.template
@@ -55,7 +55,7 @@ class LoginController {
}
/**
- * The redirect action for Ajax requests.
+ * The redirect action for Ajax requests.
*/
def authAjax = {
response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
2 src/templates/PersistentLogin.groovy.template
@@ -12,7 +12,7 @@ class ${className} {
token maxSize: 64
id maxSize: 64
}
-
+
static transients = ['series']
void setSeries(String series) { id = series }
2 src/templates/Person.groovy.template
@@ -31,7 +31,7 @@ ${dependencyInjections}
if (isDirty('password')) {
encodePassword()
}
- }
+ }
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
4 ...ugins/springsecurity/ChannelFilterInvocationSecurityMetadataSourceFactoryBeanTests.groovy
@@ -21,13 +21,13 @@ import org.springframework.security.web.util.AntUrlPathMatcher
* @author <a href='mailto:burt@burtbeckwith.com'>Burt Beckwith</a>
*/
class ChannelFilterInvocationSecurityMetadataSourceFactoryBeanTests extends GroovyTestCase {
-
+
private _factory = new ChannelFilterInvocationSecurityMetadataSourceFactoryBean()
void testGetObjectType() {
assertSame DefaultFilterInvocationSecurityMetadataSource, _factory.objectType
}
-
+
void testIsSingleton() {
assertTrue _factory.singleton
}
2 test/unit/org/codehaus/groovy/grails/plugins/springsecurity/FakeApplication.groovy
@@ -31,7 +31,7 @@ class FakeApplication extends DefaultGrailsApplication {
FakeApplication(Class[] classes, ClassLoader classLoader) {
super(classes, classLoader)
}
-
+
@Override
ConfigObject getConfig() { this.config }
}
2 webtest/README
@@ -8,7 +8,7 @@ The create-test-app expects a config file in the project root directory called t
grailsHome = '/home/burt/dev/javalib/grails-1.2.2'
dotGrails = '/home/burt/.grails/1.2.2'
}
-
+
v13 {
pluginVersion = '0.1'
projectDir = '/home/burt/workspace/testapps/spring-security-test'
2 webtest/projectFiles/TestUserController_usingSalt_groovy
@@ -75,7 +75,7 @@ class TestUserController {
def oldPassword = person.password
person.properties = params
-
+
if (person.save()) {
TestUserTestRole.removeAll person
addRoles(person)
2 webtest/tests/RequestmapSecurityTest.groovy
@@ -162,7 +162,7 @@ class RequestmapSecurityTest extends AbstractSecurityWebTest {
// login as user1
get '/logout'
assertContentContains 'Welcome to Grails'
-
+
get '/login/auth'
assertContentContains 'Please Login'

0 comments on commit 4537a70
