
whitespace

burtbeckwith committed Jul 30, 2011
1 parent e1f7fcd commit 4537a702a623916d5072af520ba7370e405a6ddf
Showing with 42 additions and 87 deletions.
  1. +1 −1 grails-app/conf/BuildConfig.groovy
  2. +1 −1 grails-app/domain/test/TestPersistentLogin.groovy
  3. +1 −1 scripts/CreateS2TestApps.groovy
  4. +1 −1 scripts/S2CreatePersistentToken.groovy
  5. +1 −1 scripts/_S2Common.groovy
  6. +2 −3 src/docs/guide/1.1 Configuration Settings Now in Config.groovy.gdoc
  7. +2 −2 src/docs/guide/1.2 Getting Started.gdoc
  8. +5 −6 src/docs/guide/10 Authentication Providers.gdoc
  9. +0 −1 src/docs/guide/11 Custom UserDetailsService.gdoc
  10. +0 −2 src/docs/guide/12 Password and Account Protection.gdoc
  11. +0 −2 src/docs/guide/12.1 Password Encryption.gdoc
  12. +0 −4 src/docs/guide/13 URL Properties.gdoc
  13. +1 −2 src/docs/guide/14 Hierarchical Roles.gdoc
  14. +0 −1 src/docs/guide/15 Switch User.gdoc
  15. +5 −5 src/docs/guide/16 Filters.gdoc
  16. +1 −2 src/docs/guide/17 Channel Security.gdoc
  17. +0 −1 src/docs/guide/18 IP Address Restrictions.gdoc
  18. +1 −2 src/docs/guide/19 Session Fixation Prevention.gdoc
  19. +1 −3 src/docs/guide/2 Differences Between the Spring Security and Acegi Plugins.gdoc
  20. +1 −3 src/docs/guide/20 Logout Handlers.gdoc
  21. +0 −2 src/docs/guide/21 Voters.gdoc
  22. +1 −4 src/docs/guide/22 Miscellaneous Properties.gdoc
  23. +0 −1 src/docs/guide/23 Tutorials.gdoc
  24. +0 −1 src/docs/guide/24 Controller MetaClass Methods.gdoc
  25. +1 −1 src/docs/guide/25 Internationalization.gdoc
  26. +0 −1 src/docs/guide/4.1 Person Class.gdoc
  27. +0 −1 src/docs/guide/4.2 Authority Class.gdoc
  28. +5 −6 src/docs/guide/4.3 PersonAuthority Class.gdoc
  29. +0 −1 src/docs/guide/5 Configuring Request Mappings to Secure URLs.gdoc
  30. +0 −1 src/docs/guide/5.1 Defining Secured Annotations.gdoc
  31. +0 −1 src/docs/guide/5.2 Simple Map in Config.groovy.gdoc
  32. +0 −1 src/docs/guide/5.3 Requestmap Instances Stored in the Database.gdoc
  33. +0 −1 src/docs/guide/5.4 Using Expressions to Create Descriptive, Fine-Grained Rules.gdoc
  34. +0 −1 src/docs/guide/6.3 SpringSecurityUtils.gdoc
  35. +0 −3 src/docs/guide/7 Events.gdoc
  36. +0 −1 src/docs/guide/7.1 Event Notification.gdoc
  37. +0 −1 src/docs/guide/7.2 Registering an Event Listener.gdoc
  38. +0 −1 src/docs/guide/7.3 Registering Callback Closures.gdoc
  39. +1 −1 src/docs/guide/8 User, Authority (Role), and Requestmap Properties.gdoc
  40. +0 −1 src/docs/guide/9.1 Basic and Digest Authentication.gdoc
  41. +0 −1 src/docs/guide/9.4 Ajax Authentication.gdoc
  42. +0 −1 src/docs/ref/Scripts/s2-quickstart.gdoc
  43. +1 −1 src/java/org/codehaus/groovy/grails/plugins/springsecurity/GrailsUser.java
  44. +1 −1 src/templates/LoginController.groovy.template
  45. +1 −1 src/templates/PersistentLogin.groovy.template
  46. +1 −1 src/templates/Person.groovy.template
  47. +2 −2 ...rails/plugins/springsecurity/ChannelFilterInvocationSecurityMetadataSourceFactoryBeanTests.groovy
  48. +1 −1 test/unit/org/codehaus/groovy/grails/plugins/springsecurity/FakeApplication.groovy
  49. +1 −1 webtest/README
  50. +1 −1 webtest/projectFiles/TestUserController_usingSalt_groovy
  51. +1 −1 webtest/tests/RequestmapSecurityTest.groovy
@@ -21,7 +21,7 @@ grails.project.dependency.resolution = {
compile('org.springframework.security:spring-security-core:3.0.5.RELEASE') {
transitive = false
}
-
+
compile('org.springframework.security:spring-security-web:3.0.5.RELEASE') {
transitive = false
}
@@ -26,7 +26,7 @@ class TestPersistentLogin {
token maxSize: 64
id maxSize: 64
}
-
+
static transients = ['series']
void setSeries(String series) { id = series }
@@ -196,7 +196,7 @@ private void init(String name, config) {
projectDir = config.projectDir
appName = 'spring-security-core-test-' + name
testprojectRoot = "$projectDir/$appName"
-
+
grailsVersion = config.grailsVersion
dotGrails = config.dotGrails + '/' + grailsVersion
}
@@ -46,7 +46,7 @@ private boolean configure() {
String packageName
String className
(packageName, className) = splitClassName(fullClassName)
-
+
String packageDeclaration = ''
if (packageName) {
packageDeclaration = "package $packageName"
@@ -85,7 +85,7 @@ splitClassName = { String fullName ->
packageName = fullName[0..index-1]
className = fullName[index+1..-1]
}
- else {
+ else {
packageName = ''
className = fullName
}
@@ -1,14 +1,13 @@
-Unlike the Acegi plugin, which used its own configuration file, @SecurityConfig.groovy@, the Spring Security plugin maintains its configuration in the standard @Config.groovy@ file. Default values are in the plugin's @grails-app/conf/DefaultSecurityConfig.groovy@ file, and you add application-specific values to the @grails-app/conf/Config.groovy@ file. The two configurations will be merged, with application values overriding the defaults.
+Unlike the Acegi plugin, which used its own configuration file, @SecurityConfig.groovy@, the Spring Security plugin maintains its configuration in the standard @Config.groovy@ file. Default values are in the plugin's @grails-app/conf/DefaultSecurityConfig.groovy@ file, and you add application-specific values to the @grails-app/conf/Config.groovy@ file. The two configurations will be merged, with application values overriding the defaults.
This structure enables environment-specific configuration such as, for example, fewer structure-restrictive security rules during development than in production. Like any environment-specific configuration parameters, you wrap them in an @environments@ block.
{note}
-The plugin's configuration values all start with @grails.plugins.springsecurity@ to distinguish them from similarly named options in Grails and from other plugins. You must specify all property overrides with the @grails.plugins.springsecurity@ suffix. For example, you specify the attribute @password.algorithm@ as:
+The plugin's configuration values all start with @grails.plugins.springsecurity@ to distinguish them from similarly named options in Grails and from other plugins. You must specify all property overrides with the @grails.plugins.springsecurity@ suffix. For example, you specify the attribute @password.algorithm@ as:
{code}
grails.plugins.springsecurity.password.algorithm='SHA-512'
{code}
in @Config.groovy@
{note}
-
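Review bot: "suffix" should read "prefix" in the {note} sentence "You must specify all property overrides with the @grails.plugins.springsecurity@ suffix". The sentence before it says the values start with that string, and the example places it in front of password.algorithm. The line is already being rewritten here for trailing whitespace, so the wording can be corrected in the same pass.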
@@ -1,6 +1,6 @@
-If you will be migrating from the Acegi to the Spring Security plugin, see [Migrating from the Acegi Plugin|guide:3 Migrating from the Acegi Plugin].
+If you will be migrating from the Acegi to the Spring Security plugin, see [Migrating from the Acegi Plugin|guide:3 Migrating from the Acegi Plugin].
-Once you install the plugin, you simply run the initialization script, [s2-quickstart|Scripts], and make any required configuration changes in @Config.groovy@. The plugin registers filters in @web.xml@, and also configures the Spring beans in the application context that implement various pieces of functionality. Ivy determines which jar files to use.
+Once you install the plugin, you simply run the initialization script, [s2-quickstart|Scripts], and make any required configuration changes in @Config.groovy@. The plugin registers filters in @web.xml@, and also configures the Spring beans in the application context that implement various pieces of functionality. Ivy determines which jar files to use.
To get started using the Spring Security plugin with your Grails application, see [Tutorials|guide:23 Tutorials].
@@ -1,4 +1,4 @@
-The plugin registers authentication providers that perform authentication by implementing the [AuthenticationProvider|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/AuthenticationProvider.html] interface.
+The plugin registers authentication providers that perform authentication by implementing the [AuthenticationProvider|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/authentication/AuthenticationProvider.html] interface.
{table}
*Property* | *Default Value* | *Meaning*
@@ -20,9 +20,8 @@ beans = {
You register the provider in @grails-app/conf/Config.groovy@ as:
{code}
-grails.plugins.springsecurity.providerNames = ['myAuthenticationProvider',
- 'anonymousAuthenticationProvider',
- 'rememberMeAuthenticationProvider']
+grails.plugins.springsecurity.providerNames = [
+ 'myAuthenticationProvider',
+ 'anonymousAuthenticationProvider',
+ 'rememberMeAuthenticationProvider']
{code}
-
-
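Review bot: The closing bracket of the reformatted providerNames list is still attached to the last entry ('rememberMeAuthenticationProvider']) while the opening bracket now ends its own line. The logout.handlerNames and voterNames samples visible elsewhere in this commit put ] on a line of its own; doing the same here would keep the {code} samples consistent.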
@@ -106,4 +106,3 @@ class MyController {
}
}
{code}
-
@@ -1,3 +1 @@
The sections that follow discuss approaches to protecting passwords and user accounts.
-
-
@@ -5,5 +5,3 @@ The table shows configurable password encryption attributes.
password.algorithm | 'SHA-256' | passwordEncoder Message Digest algorithm. See [this page|http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA] for options.
password.encodeHashAsBase64 | @false@ | If @true@, Base64-encode the hashed password.
{table}
-
-
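Review bot: The password.algorithm row describes a message digest, which is a one-way hash, while the surrounding text ("configurable password encryption attributes") and the file name call it encryption. Consider aligning the wording on "hashing" in a follow-up so readers do not assume stored passwords are recoverable.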
@@ -29,7 +29,3 @@ ajaxHeader | 'X-Requested-With' | Header name sent by Ajax library, used to dete
redirectStrategy.contextRelative | @false@ | If @true@, the redirect URL will be the value after the request context path. This results in the loss of protocol information (HTTP or HTTPS), so causes problems if a redirect is being performed to change from HTTP to HTTPS or vice versa.
switchUser URLs | | See [Switch User|guide:15 Switch User], under *Customizing URLs*.
{table}
-
-
-
-
@@ -3,7 +3,7 @@ Hierarchical roles are a convenient way to reduce clutter in your request mappin
{table}
*Property* | *Default Value* | *Meaning*
roleHierarchy | none | Hierarchical role definition.
-{table}
+{table}
For example, if you have several types of 'admin' roles that can be used to access a URL pattern and you do not use hierarchical roles, you need to specify all the admin roles:
@@ -47,4 +47,3 @@ class SomeController {
{code}
You can also reduce the number of granted roles in the database. Where previously you had to grant @ROLE_SUPERADMIN@, @ROLE_FINANCE_ADMIN@, and @ROLE_ADMIN@, now you only need to grant @ROLE_SUPERADMIN@.
-
@@ -100,4 +100,3 @@ Logged in as <sec:username/>
</sec:ifAllGranted>
</sec:ifNotSwitched>
{code}
-
@@ -1,10 +1,10 @@
-There are a few different approaches to configuring filter chain(s).
+There are a few different approaches to configuring filter chain(s).
h4. Default Approach to Configuring Filter Chains
The default is to use configuration attributes to determine which extra filters to use (for example, Basic Auth, Switch User, etc.) and add these to the 'core' filters. For example, setting @grails.plugins.springsecurity.useSwitchUserFilter = true@ adds @switchUserProcessingFilter@ to the filter chain (and in the correct order). The filter chain built here is applied to all URLs. If you need more flexibility, you can use @filterChain.chainMap@ as discussed in *chainMap* below.
h4. filterNames
-To define custom filters, to remove a core filter from the chain (not recommended), or to otherwise have control over the filter chain, you can specify the @filterNames@ property as a list of strings. As with the default approach, the filter chain built here is applied to all URLs.
+To define custom filters, to remove a core filter from the chain (not recommended), or to otherwise have control over the filter chain, you can specify the @filterNames@ property as a list of strings. As with the default approach, the filter chain built here is applied to all URLs.
For example:
@@ -16,10 +16,10 @@ grails.plugins.springsecurity.filterChain.filterNames = [
]
{code}
-This example creates a filter chain corresponding to the Spring beans with the specified names.
+This example creates a filter chain corresponding to the Spring beans with the specified names.
h4. chainMap
-Use the @filterChain.chainMap@ attribute to define which filters are applied to different URL patterns. You define a Map that specifies one or more lists of filter bean names, each with a corresponding URL pattern.
+Use the @filterChain.chainMap@ attribute to define which filters are applied to different URL patterns. You define a Map that specifies one or more lists of filter bean names, each with a corresponding URL pattern.
{code}
grails.plugins.springsecurity.filterChain.chainMap = [
@@ -67,7 +67,7 @@ class BootStrap {
SpringSecurityUtils.clientRegisterFilter(
'myFilter', SecurityFilterPosition.OPENID_FILTER.order + 10)
}
-}
+}
{code}
This bootstrap code registers your filter just after the Open ID filter (if it's configured). You cannot register a filter in the same position as another, so it's a good idea to add a small delta to its position to put it after or before a filter that it should be next to in the chain. The Open ID filter position is just an example - add your filter in the position that makes sense.
@@ -1,4 +1,4 @@
-Use channel security to configure which URLs require HTTP and which require HTTPS.
+Use channel security to configure which URLs require HTTP and which require HTTPS.
{table}
*Property* | *Default Value* | *Meaning*
@@ -19,4 +19,3 @@ grails.plugins.springsecurity.secureChannel.definition = [
{code}
URLs are checked in order, so be sure to put more specific rules before less specific. In the preceding example, @/images/login/\*\*@ is more specific than @/images/\*\*@, so it appears first in the configuration.
-
@@ -24,4 +24,3 @@ All addresses can always be accessed from localhost regardless of IP pattern, pr
{note}
You cannot compare IPv4 and IPv6 addresses, so if your server supports both, you need to specify the IP patterns using the address format that is actually being used. Otherwise the filter throws exceptions. One option is to set the @java.net.preferIPv4Stack@ system property, for example, by adding it to @JAVA_OPTS@ or @GRAILS_OPTS@ as @-Djava.net.preferIPv4Stack=true@.
{note}
-
@@ -11,9 +11,8 @@ Session fixation is less of a problem now that Grails by default does not includ
The table shows configuration options for session fixation.
{table}
-*Property* | *Default Value* | *Meaning*
+*Property* | *Default Value* | *Meaning*
useSessionFixationPrevention | @false@ | Whether to use session fixation prevention.
sessionFixationPrevention.migrate | @true@ | Whether to copy the session attributes of the existing session to the new session after login.
sessionFixationPrevention.alwaysCreateSession | @false@ | Whether to always create a session even if one did not exist at the start of the request.
{table}
-
@@ -39,9 +39,8 @@ h4. Script Differences
To initialize the Acegi plugin, you run @create-auth-domains@. This initialization creates @grails-app/conf/SecurityConfig.groovy@ to allow configuration customization; creates the User, Role, and Requestmap domain classes; and creates the Login and Logout controllers and views. Another Acegi script, @generate-manager@, creates CRUD pages for the domain classes. (The earlier version of Grails did not scaffold many-to-many relationships well, so these GSPs were necessary.)In addition, a @generate-registration@ script installs a basic user registration controller.
-
The Spring Security plugin uses only one script, [s2-quickstart|Scripts]. It is similar to @create-auth-domains@ because it creates domain classes and login and logout bcontrollers, but it appends files to @grails-app/conf/Config.groovy@ instead of creating a standalone configuration file. There is no equivalent to @generate-manager@ or @generate-registration@ because an optional UI plugin generates domain class management screens, an admin console, and forgot password and registration workflows. If you want to create your own CRUD pages, you can use the standard Grails @generate-all@ script. Various sections of this documentation discuss required changes to the generated source files, for example, encrypting passwords before saving or updating a user.
-
+
h4. UserDetails Differences
The Acegi plugin extends the @UserDetails@ instance and adds an accessor for the person domain class instance that is used to populate the @UserDetails@. Because the @Authentication@ is kept in the HTTP session and the @UserDetails@ is attached to that, it is easy to access non-security data such as full name, email, and so on without hitting the database.
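Review bot: Two typos in the context lines of this hunk could be fixed in the same cleanup: "bcontrollers" in the s2-quickstart paragraph should be "controllers", and "were necessary.)In addition" is missing a space after the closing parenthesis. Please also confirm that removing the line between the two paragraphs does not merge them in the rendered guide.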
@@ -66,4 +65,3 @@ person = Person.get(userDetails.id)
The preceding approach works because the @UserDetails@ implementation is an instance of @org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser@, which extends the standard Spring Security [User|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/User.html] and adds a @getId()@ method.
You can further extend this class if you want to store more data along with the authentication to avoid database access. See [Custom UserDetailsService|guide:11 Custom UserDetailsService].
-
@@ -2,7 +2,7 @@ You register a list of logout handlers by implementing the [LogoutHandler|http:/
By default, a @securityContextLogoutHandler@ bean is registered to clear the [SecurityContextHolder|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/context/SecurityContextHolder.html]. Also, unless you are using Facebook or OpenID, @rememberMeServices@ bean is registered to reset your cookie. (Facebook and OpenID authenticate externally so we don't have access to the password to create a remember-me cookie.) If you are using Facebook, a @facebookLogoutHandler@ is registered to reset its session cookies.
-To customize this list, you define a @logout.handlerNames@ attribute with a list of bean names.
+To customize this list, you define a @logout.handlerNames@ attribute with a list of bean names.
{table}
*Property* | *Default Value* | *Meaning*
@@ -26,5 +26,3 @@ grails.plugins.springsecurity.logout.handlerNames = [
'rememberMeServices', 'securityContextLogoutHandler', 'myLogoutHandler'
]
{code}
-
-
@@ -24,5 +24,3 @@ grails.plugins.springsecurity.voterNames = [
'authenticatedVoter', 'roleVoter', 'myAccessDecisionVoter'
]
{code}
-
-
@@ -1,5 +1,3 @@
-
-
{table}
*Property* | *Default Value* | *Meaning*
active | @true@ | Whether the plugin is enabled.
@@ -23,6 +21,5 @@ controllerAnnotations.matcher | 'ant' | Use an Ant-style URL matcher ('ant') or
controllerAnnotations.lowercase | @true@ | Whether to do URL comparisons using lowercase.
controllerAnnotations.staticRules | none | Extra rules that cannot be mapped using annotations.
interceptUrlMap | none | Request mapping definition when using "InterceptUrlMap". See [Simple Map in Config.groovy|guide:5.2 Simple Map in Config.groovy].
-registerLoggerListener | @false@ | If @true@, registers a [LoggerListener|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/access/event/LoggerListener.html] that logs interceptor-related application events.
+registerLoggerListener | @false@ | If @true@, registers a [LoggerListener|http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/access/event/LoggerListener.html] that logs interceptor-related application events.
{table}
-
@@ -1 +0,0 @@
-
@@ -76,4 +76,3 @@ class MyController {
}
}
{code}
-
@@ -23,4 +23,4 @@ springSecurity.login.password.label | Password
springSecurity.login.remember.me.label | Remember me
springSecurity.denied.title | Denied
springSecurity.denied.message | Sorry, you're not authorized to view this page.
-{table}
+{table}
@@ -76,4 +76,3 @@ userLookup.accountLockedPropertyName | 'accountLocked' | User class account lock
userLookup.passwordExpiredPropertyName | 'passwordExpired' | User class password expired field
userLookup.authorityJoinClassName | 'PersonAuthority' | User/Role many-many join class name
{table}
-
@@ -29,4 +29,3 @@ The class and property names are configurable using these configuration attribut
authority.className | 'Authority' | Role class name
authority.nameField | 'authority' | Role class role name field
{table}
-
@@ -39,12 +39,12 @@ class UserRole implements Serializable {
static boolean remove(User user, Role role, boolean flush = false) {
UserRole instance = UserRole.findByUserAndRole(user, role)
- if (!instance) {
- return false
- }
+ if (!instance) {
+ return false
+ }
- instance.delete(flush: flush)
- true
+ instance.delete(flush: flush)
+ true
}
static void removeAll(User user) {
@@ -96,4 +96,3 @@ The class name is the only configurable attribute:
*Property* | *Default Value* | *Meaning*
userLookup.authorityJoinClassName | 'PersonAuthority' | User/Role many-many join class name
{table}
-
@@ -37,4 +37,3 @@ Each approach has its advantages and disadvantages. Annotations and the @Config.
On the other hand, storing @Requestmap@ entries enables runtime-configurability. This approach gives you a core set of rules populated at application startup that you can edit, add to, and delete as needed. However, it separates the security rules from the application code, which is less convenient than having the rules defined in @grails-app/conf/Config.groovy@ or in the applicable controllers using annotations.
URLs must be mapped in lowercase if you use the @Requestmap@ or @grails-app/conf/Config.groovy@ map approaches. For example, if you have a FooBarController, its urls will be of the form /fooBar/list, /fooBar/create, and so on, but these must be mapped as /foobar/, /foobar/list, /foobar/create. This mapping is handled automatically for you if you use annotations.
-
@@ -76,4 +76,3 @@ This example maps all URLs associated with @SomePluginController@, which has URL
{note}
When mapping URLs for controllers that are mapped in @UrlMappings.groovy@, you need to secure the un-url-mapped URLs. For example if you have a FooBarController that you map to @/foo/bar/$action@, you must register that in @controllerAnnotations.staticRules@ as @/foobar/\*\*@. This is different than the mapping you would use for the other two approaches and is necessary because @controllerAnnotations.staticRules@ entries are treated as if they were annotations on the corresponding controller.
{note}
-
@@ -32,4 +32,3 @@ then this would fail - it wouldn't restrict access to @/secure/reallysecure/list
'/secure/reallysecure/**': ['ROLE_SUPERUSER']
'/secure/**': ['ROLE_ADMIN', 'ROLE_SUPERUSER'],
{code}
-
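Review bot: The {code} sample in the context lines has its comma on the wrong entry: '/secure/reallysecure/**': ['ROLE_SUPERUSER'] has no trailing comma, and the last entry, '/secure/**': ['ROLE_ADMIN', 'ROLE_SUPERUSER'], does. The missing comma after the first entry is a syntax error once the sample is pasted into a Groovy map literal; move the comma up.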
@@ -51,4 +51,3 @@ class RequestmapController {
}
}
{code}
-
@@ -71,4 +71,3 @@ To help you migrate traditional configurations to expressions, this table compar
@IS_AUTHENTICATED_REMEMBERED@ | @isAnonymous() or isRememberMe()@
@IS_AUTHENTICATED_FULLY@ | @isFullyAuthenticated()@
{table}
-
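Review bot: The row mapping @IS_AUTHENTICATED_REMEMBERED@ to @isAnonymous() or isRememberMe()@ in the context lines looks wrong. IS_AUTHENTICATED_REMEMBERED covers users who logged in fully or through remember-me, whereas isAnonymous() matches users who have not logged in at all, so a rule migrated with this table would admit anonymous visitors. The equivalent expression is isAuthenticated() or isRememberMe().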