Permalink
Browse files

doc updates for v0.2 release

  • Loading branch information...
1 parent d9d479d commit 16b818d1881bfe4a54cc1c65298364032cd1011e Burt Beckwith committed Feb 13, 2012
@@ -1,5 +1,30 @@
-The Spring Security UI plugin provides CRUD screens and other user management workflows. Non-default functionality is available only if the feature is available; this includes the ACL controllers and views which require the [ACL plugin|http://grails.org/plugin/spring-security-acl], Requestmaps support which requires that @grails.plugins.springsecurity.securityConfigType@ have the value @SecurityConfigType.Requestmap@ in @Config.groovy@, and persistent cookies support which requires that you have configured it with the @s2-create-persistent-token@ script.
+The Spring Security UI plugin provides CRUD screens and other user management workflows. Non-default functionality is available only if the feature is available; this includes the ACL controllers and views which are enabled if the [ACL plugin|http://grails.org/plugin/spring-security-acl] is installed, Requestmaps support which is available if @grails.plugins.springsecurity.securityConfigType@ is set to @"Requestmap"@ or @SecurityConfigType.Requestmap@ in @Config.groovy@, and persistent cookies support which is enabled if it has been configured with the @s2-create-persistent-token@ script.
+
+{note}
+As of version 0.2 the plugin does not declare any dependencies on plugins, although it has several:
+
+{table}
+*Name* | *Minimum Version*
+spring-security-core | 1.2
+mail | 1.0
+jquery | 1.4.4
+jquery-ui | 1.8.7
+famfamfam | 1.0
+{table}
+
+This is to support both 1.3.x and 2.0 applications without specifying a fixed version. Be sure that you have these dependent plugins installed before installing this one (using the latest versions of each is your best bet).
+
+{note}
+
h4. Release History
+* February 12, 2012
+** 0.2 release
+** [JIRA Issues|http://jira.grails.org/secure/ReleaseNote.jspa?projectId=10233&version=12709]
+* September 14, 2010
+** 0.1.2 release
+** [JIRA Issues|http://jira.grails.org/secure/ReleaseNote.jspa?projectId=10233&version=11921]
+* July 27, 2010
+** 0.1.1 release
* July 26, 2010
** initial 0.1 release
@@ -116,7 +116,7 @@ h4. Password Encryption
In recent versions of the Spring Security Core plugin, the "User" domain class is generated by the @s2-quickstart@ with code to automatically encrypt the password. This makes the code simpler (for example in controllers where you create users or update user passwords) but older generated classes don't have this generated code. This presents a problem for plugins like this one since it's not possible to reliably determine if the domain class encrypts the password or if you use the older approach of explicitly calling @springSecurityService.encodePassword()@.
-The unfortunate consequence of mixing a newer domain class that does password encryption with controllers that call @springSecurityService.encodePassword()@ is the the passwords get double-encrypted, and users aren't able to login. So to get around this there's and configuration option you can set to tell this plugin's controllers whether to encrypt or not: @grails.plugins.springsecurity.ui.encodePassword@.
+The unfortunate consequence of mixing a newer domain class that does password encryption with controllers that call @springSecurityService.encodePassword()@ is the the passwords get double-encrypted, and users aren't able to login. So to get around this there's a configuration option you can set to tell this plugin's controllers whether to encrypt or not: @grails.plugins.springsecurity.ui.encodePassword@.
This option defaults to @true@ to avoid a breaking change, so if you have a newer domain class that handles encryption just disable this plugin's encryption:
@@ -20,7 +20,7 @@ You can update any of the attributes or delete the user. You can see that there'
!user_edit_roles.png!
-This allows you to temporarily assume the identity of another user (see [Section 15|http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/] in the Spring Security Core plugin documentation for more information about switch-user). The "Logged in as ..." information in the top right of the screen will change to show that you're running as another user and provide a link to switch back. The role name is arbitrary and can be changed by overriding @edit.gsp@.
+This allows you to temporarily assume the identity of another user (see [Section 15|http://grails-plugins.github.com/grails-spring-security-core/docs/manual/] in the Spring Security Core plugin documentation for more information about switch-user). The "Logged in as ..." information in the top right of the screen will change to show that you're running as another user and provide a link to switch back. The role name is arbitrary and can be changed by overriding @edit.gsp@.
h4. OpenIDs
@@ -1,4 +1,4 @@
-The default approach to securing URLs is with annotations, so the Requestmaps menu is only shown if @grails.plugins.springsecurity.securityConfigType@ has the value @SecurityConfigType.Requestmap@ in @Config.groovy@.
+The default approach to securing URLs is with annotations, so the Requestmaps menu is only shown if @grails.plugins.springsecurity.securityConfigType@ has the value @"Requestmap"@ or @SecurityConfigType.Requestmap@ in @Config.groovy@.
h4. Requestmap search
@@ -62,6 +62,22 @@ h4. Notes
You should consider the registration code as starter code - every signup workflow will be different, and this should help you get going but is unlikely to be sufficient. You may wish to collect more information than just username and email - first and last name for example. Run @grails s2ui-override register@ to copy the registration controller and GSPs into your application to be customized.
+If there are unexpected validation errors during registration (which can happen when there is a disconnect between the domain classes and the code in @RegisterController@ they will be logged at the @warn@ level, so enable logging to ensure that you see the messages, e.g.
+
+{code}
+log4j = {
+ error 'org.codehaus.groovy.grails',
+ 'org.springframework',
+ 'org.hibernate',
+ 'net.sf.ehcache.hibernate'
+ // pre-2.0
+ // warn 'grails.app.service.grails.plugins.springsecurity.ui.SpringSecurityUiService'
+
+ // 2.0
+ warn 'grails.app.services.grails.plugins.springsecurity.ui.SpringSecurityUiService'
+}
+{code}
+
{note}
@RegisterController@ and its GSPs assume that your User domain class has an @email@ field. Be sure to either rework the workflow (using the @s2ui-override@ script) if you don't need an email confirmation step or add an email field.
{note}
@@ -1,4 +1,4 @@
-Persistent cookies aren't enabled by default - you must enable them by running the @s2-create-persistent-token@ script. See [Section 9.3|http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/] in the Spring Security Core plugin documentation for details about this feature.
+Persistent cookies aren't enabled by default - you must enable them by running the @s2-create-persistent-token@ script. See [Section 9.3|http://grails-plugins.github.com/grails-spring-security-core/docs/manual/] in the Spring Security Core plugin documentation for details about this feature.
h4. Persistent logins search
@@ -13,4 +13,3 @@ You can search by any field, and there's an Ajax autocomplete for the @username@
Click the series to get to the edit page:
!persistent_login_edit.png!
-

0 comments on commit 16b818d

Please sign in to comment.