
Implemented security using the Spring Security (Acegi) plugin

1 parent 6243e14 commit 4bbe260289a20839802cf8848908a3135b0558da @jettro committed Jan 4, 2010
Showing with 1,690 additions and 12 deletions.
  1. +9 −0 MyScheduling-grailsPlugins.iml
  2. +2 −1 application.properties
  3. +51 −0 grails-app/conf/BootStrap.groovy
  4. +5 −1 grails-app/conf/Config.groovy
  5. +10 −0 grails-app/conf/SecurityConfig.groovy
  6. +182 −0 grails-app/controllers/nl/gridshore/scheduling/LoginController.groovy
  7. +15 −0 grails-app/controllers/nl/gridshore/scheduling/LogoutController.groovy
  8. +105 −0 grails-app/controllers/nl/gridshore/scheduling/RequestmapController.groovy
  9. +125 −0 grails-app/controllers/nl/gridshore/scheduling/RoleController.groovy
  10. +155 −2 grails-app/controllers/nl/gridshore/scheduling/UserController.groovy
  11. +15 −0 grails-app/domain/nl/gridshore/scheduling/Requestmap.groovy
  12. +19 −0 grails-app/domain/nl/gridshore/scheduling/Role.groovy
  13. +28 −8 grails-app/domain/nl/gridshore/scheduling/User.groovy
  14. +79 −0 grails-app/views/login/auth.gsp
  15. +6 −0 grails-app/views/login/denied.gsp
  16. +67 −0 grails-app/views/login/openIdAuth.gsp
  17. +53 −0 grails-app/views/requestmap/create.gsp
  18. +63 −0 grails-app/views/requestmap/edit.gsp
  19. +50 −0 grails-app/views/requestmap/list.gsp
  20. +51 −0 grails-app/views/requestmap/show.gsp
  21. +51 −0 grails-app/views/role/create.gsp
  22. +69 −0 grails-app/views/role/edit.gsp
  23. +49 −0 grails-app/views/role/list.gsp
  24. +57 −0 grails-app/views/role/show.gsp
  25. +94 −0 grails-app/views/user/create.gsp
  26. +104 −0 grails-app/views/user/edit.gsp
  27. +49 −0 grails-app/views/user/list.gsp
  28. +76 −0 grails-app/views/user/show.gsp
  29. +17 −0 test/unit/nl/gridshore/scheduling/RequestmapControllerTests.groovy
  30. +17 −0 test/unit/nl/gridshore/scheduling/UserServiceTests.groovy
  31. +17 −0 test/unit/nl/gridshore/scheduling/security/RoleControllerTests.groovy
@@ -16,6 +16,13 @@
</component>
<component name="NewModuleRootManager" inherit-compiler-output="true">
<exclude-output />
+ <content url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2">
+ <sourceFolder url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2/src/java" isTestSource="false" />
+ <sourceFolder url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2/src/groovy" isTestSource="false" />
+ <sourceFolder url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2/grails-app/controllers" isTestSource="false" />
+ <sourceFolder url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2/grails-app/services" isTestSource="false" />
+ <sourceFolder url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2/grails-app/taglib" isTestSource="false" />
+ </content>
<content url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/bubbling-2.1.1">
<sourceFolder url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/bubbling-2.1.1/src/groovy" isTestSource="false" />
<sourceFolder url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/bubbling-2.1.1/grails-app/taglib" isTestSource="false" />
@@ -59,9 +66,11 @@
<root url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/grails-ui-1.2-SNAPSHOT/lib" />
<root url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/db-util-0.4/lib" />
<root url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/mail-0.9/lib" />
+ <root url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2/lib" />
</CLASSES>
<JAVADOC />
<SOURCES />
+ <jarDirectory url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/acegi-0.5.2/lib" recursive="false" />
<jarDirectory url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/db-util-0.4/lib" recursive="false" />
<jarDirectory url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/grails-ui-1.2-SNAPSHOT/lib" recursive="false" />
<jarDirectory url="file://$MODULE_DIR$/../../.grails/1.2.0/projects/MyScheduling/plugins/joda-time-0.5/lib" recursive="false" />
@@ -1,9 +1,10 @@
#Grails Metadata file
-#Sun Jan 03 08:18:48 CET 2010
+#Mon Jan 04 13:06:10 CET 2010
app.grails.version=1.2.0
app.name=MyScheduling
app.servlet.version=2.4
app.version=0.1
+plugins.acegi=0.5.2
plugins.bubbling=2.1.1
plugins.db-util=0.4
plugins.grails-ui=1.2-SNAPSHOT
@@ -1,8 +1,13 @@
import nl.gridshore.scheduling.Person
import nl.gridshore.scheduling.Project
+import nl.gridshore.scheduling.Role
+import nl.gridshore.scheduling.Requestmap
+import nl.gridshore.scheduling.User
class BootStrap {
+ def authenticateService
+
def init = { servletContext ->
def jettro = new Person(name:'Jettro',partTimeFactor:1)
jettro.save()
@@ -24,6 +29,52 @@ class BootStrap {
jettro.addToProjects newsfeed
jettro.addToProjects cqrs4j
allard.addToProjects cqrs4j
+ roberto.addToProjects newsfeed
+
+ // security
+ // roles
+ def roleAdmin = new Role(authority:"ROLE_ADMIN",description:"admin")
+ roleAdmin.save()
+ def roleSysAdmin = new Role(authority:"ROLE_SYSADMIN",description:"sysadmin")
+ roleSysAdmin.save()
+
+ // request maps
+ def securePerson = new Requestmap(url:"/person/**",configAttribute:"ROLE_ADMIN")
+ securePerson.save()
+ def secureProject = new Requestmap(url:"/project/**",configAttribute:"ROLE_ADMIN")
+ secureProject.save()
+ def secureUser = new Requestmap(url:"/user/**",configAttribute:"ROLE_ADMIN")
+ secureUser.save()
+ def secureRole = new Requestmap(url:"/role/**",configAttribute:"ROLE_SYSADMIN")
+ secureRole.save()
+ def secureRequestmap = new Requestmap(url:"/requestmap/**",configAttribute:"ROLE_SYSADMIN")
+ secureRequestmap.save()
+
+ // users
+ def passwdAdmin = authenticateService.encodePassword('admin')
+ def admin = new User(
+ username:"admin",
+ userRealName:"Administrator",
+ passwd:passwdAdmin,
+ enabled:true,
+ email:"admin@myscheduling",
+ emailShow:true,
+ description:'Can be used to do administrative tasks')
+ admin.save()
+ admin.addToAuthorities roleAdmin
+
+ def passwdSysadmin = authenticateService.encodePassword('sysadmin')
+ def sysadmin = new User(
+ username:"sysadmin",
+ userRealName:"System Administrator",
+ passwd:passwdSysadmin,
+ enabled:true,
+ email:"sysadmin@myscheduling",
+ emailShow:true,
+ description:'Can be used to do system administrative tasks')
+ sysadmin.save()
+ sysadmin.addToAuthorities roleAdmin
+ sysadmin.addToAuthorities roleSysAdmin
}
def destroy = {
}
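Review bot: The two accounts seeded at lines 117–140 use fixed, well-known passwords (`admin`/`admin`, `sysadmin`/`sysadmin`) and are created unconditionally on every boot, so any deployment of this code ships with default administrative credentials. Gate this seed data on the environment (an `environments { development { ... } }` block in BootStrap, or a check on `grails.util.Environment.current`) and take the initial passwords from configuration rather than string literals, or at least force a change on first login. Every `save()` here also discards its result, so a constraint failure on `User`, `Role` or `Requestmap` (the `email` values here are not RFC-style addresses, if the domain class validates them) would silently leave roles or URL rules missing; with Grails 1.2 you can use `roleAdmin.save(failOnError: true)` so BootStrap aborts loudly instead. Note also that only five URL prefixes get a Requestmap row — whether unmapped URLs such as `/` are open or denied depends on the plugin's request-map mode, which is worth confirming and stating in a comment. The `init` closure this hunk belongs to opens in the previous hunk.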
@@ -103,4 +103,8 @@ log4j = {
}
-
+
+
+//log4j.logger.org.springframework.security='off,stdout'
+
+//log4j.logger.org.springframework.security='off,stdout'
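Review bot: The same commented-out line `//log4j.logger.org.springframework.security='off,stdout'` is added twice (lines 149 and 151) together with three stray blank lines. Commented-out configuration should be removed, or kept once with a comment stating when to enable it; as written the level is `off`, which would produce no output even if uncommented, so it is presumably meant to read `'debug,stdout'` for tracing the security filter chain. Suggested single line: `// uncomment to trace Spring Security filter decisions: log4j.logger.org.springframework.security='debug,stdout'`.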
@@ -0,0 +1,10 @@
+security {
+
+ // see DefaultSecurityConfig.groovy for all settable/overridable properties
+
+ active = true
+
+ loginUserDomainClass = "nl.gridshore.scheduling.User"
+ authorityDomainClass = "nl.gridshore.scheduling.Role"
+ requestMapClass = "nl.gridshore.scheduling.Requestmap"
+}
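Review bot: Only the three domain class names are set here; the password hashing algorithm, remember-me settings and whether the `Requestmap` table is actually consulted all fall back to the plugin's `DefaultSecurityConfig.groovy` mentioned in the comment, and none of those defaults are visible in this commit. BootStrap stores whatever `authenticateService.encodePassword` produces, and if the acegi 0.5.x default for `algorithm` is unsalted MD5 (my recollection; please confirm against the plugin source) the stored hashes are weak — override it explicitly, e.g. `algorithm = 'SHA-256'`, before any real user is created, since changing it later invalidates existing passwords. I would also set `useRequestMapDomainClass = true` explicitly, with a comment, so the rules seeded in BootStrap are guaranteed to be the ones enforced rather than depending on the plugin default.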
@@ -0,0 +1,182 @@
+package nl.gridshore.scheduling
+
+import org.codehaus.groovy.grails.plugins.springsecurity.RedirectUtils
+import org.grails.plugins.springsecurity.service.AuthenticateService
+
+import org.springframework.security.AuthenticationTrustResolverImpl
+import org.springframework.security.DisabledException
+import org.springframework.security.context.SecurityContextHolder as SCH
+import org.springframework.security.ui.AbstractProcessingFilter
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilter
+import org.springframework.security.context.SecurityContextHolder
+
+/**
+ * Login Controller (Example).
+ */
+class LoginController {
+
+ /**
+ * Dependency injection for the authentication service.
+ */
+ def authenticateService
+
+ /**
+ * Dependency injection for OpenIDConsumer.
+ */
+ def openIDConsumer
+
+ /**
+ * Dependency injection for OpenIDAuthenticationProcessingFilter.
+ */
+ def openIDAuthenticationProcessingFilter
+
+ private final authenticationTrustResolver = new AuthenticationTrustResolverImpl()
+
+ def index = {
+ if (isLoggedIn()) {
+ redirect uri: '/'
+ }
+ else {
+ redirect action: auth, params: params
+ }
+ }
+
+ /**
+ * Show the login page.
+ */
+ def auth = {
+
+ nocache response
+
+ if (isLoggedIn()) {
+ redirect uri: '/'
+ return
+ }
+
+ String view
+ String postUrl
+ def config = authenticateService.securityConfig.security
+ if (config.useOpenId) {
+ view = 'openIdAuth'
+ postUrl = "${request.contextPath}/login/openIdAuthenticate"
+ }
+ else if (config.useFacebook) {
+ view = 'facebookAuth'
+ postUrl = "${request.contextPath}${config.facebook.filterProcessesUrl}"
+ }
+ else {
+ view = 'auth'
+ postUrl = "${request.contextPath}${config.filterProcessesUrl}"
+ }
+
+ render view: view, model: [postUrl: postUrl]
+ }
+
+ /**
+ * Form submit action to start an OpenID authentication.
+ */
+ def openIdAuthenticate = {
+ String openID = params['j_username']
+ try {
+ String returnToURL = RedirectUtils.buildRedirectUrl(
+ request, response, openIDAuthenticationProcessingFilter.filterProcessesUrl)
+ String redirectUrl = openIDConsumer.beginConsumption(request, openID, returnToURL)
+ redirect url: redirectUrl
+ }
+ catch (org.springframework.security.ui.openid.OpenIDConsumerException e) {
+ log.error "Consumer error: $e.message", e
+ redirect url: openIDAuthenticationProcessingFilter.authenticationFailureUrl
+ }
+ }
+
+ // Login page (function|json) for Ajax access.
+ def authAjax = {
+ nocache(response)
+ //this is example:
+ render """
+ <script type='text/javascript'>
+ (function() {
+ loginForm();
+ })();
+ </script>
+ """
+ }
+
+ /**
+ * The Ajax success redirect url.
+ */
+ def ajaxSuccess = {
+ nocache(response)
+ render '{success: true}'
+ }
+
+ /**
+ * Show denied page.
+ */
+ def denied = {
+ if (isLoggedIn() && authenticationTrustResolver.isRememberMe(SecurityContextHolder.context?.authentication)) {
+ // have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
+ redirect action: full, params: params
+ }
+ }
+
+ /**
+ * Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.
+ */
+ def full = {
+ render view: 'auth', params: params,
+ model: [hasCookie: authenticationTrustResolver.isRememberMe(SecurityContextHolder.context?.authentication)]
+ }
+
+ // Denial page (data|view|json) for Ajax access.
+ def deniedAjax = {
+ //this is example:
+ render "{error: 'access denied'}"
+ }
+
+ /**
+ * login failed
+ */
+ def authfail = {
+
+ def username = session[AuthenticationProcessingFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
+ def msg = ''
+ def exception = session[AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY]
+ if (exception) {
+ if (exception instanceof DisabledException) {
+ msg = "[$username] is disabled."
+ }
+ else {
+ msg = "[$username] wrong username/password."
+ }
+ }
+
+ if (isAjax()) {
+ render "{error: '${msg}'}"
+ }
+ else {
+ flash.message = msg
+ redirect action: auth, params: params
+ }
+ }
+
+ /**
+ * Check if logged in.
+ */
+ private boolean isLoggedIn() {
+ return authenticateService.isLoggedIn()
+ }
+
+ private boolean isAjax() {
+ return authenticateService.isAjax(request)
+ }
+
+ /** cache controls */
+ private void nocache(response) {
+ response.setHeader('Cache-Control', 'no-cache') // HTTP 1.1
+ response.addDateHeader('Expires', 0)
+ response.setDateHeader('max-age', 0)
+ response.setIntHeader ('Expires', -1) //prevents caching at the proxy server
+ response.addHeader('cache-Control', 'private') //IE5.x only
+ }
+}
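Review bot: `authfail` (lines 303–324) reads the last attempted username from the session — a value chosen by whoever submitted the login form — and interpolates it into a hand-built JSON string at line 318, so a username containing a quote or backslash corrupts the response and, if the Ajax client evaluates it as JavaScript, injects script; escape it, e.g. `render "{error: '${msg.encodeAsJavaScript()}'}"`, or build the body with a JSON converter (the same applies to the flash message path at line 321 if `auth.gsp` renders it unescaped, which I cannot see here). The `DisabledException` branch at line 309 also returns a different message than a bad password, which tells an unauthenticated caller whether an account exists; use one generic message for both. Minor: `ajaxSuccess` renders `{success: true}` with an unquoted key, which strict JSON parsers reject, and in `nocache` the `max-age` header at line 341 is not a real header (it is a `Cache-Control` directive) — a single `Cache-Control: no-cache, no-store, must-revalidate` plus `Pragma: no-cache` covers the intent.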
@@ -0,0 +1,15 @@
+package nl.gridshore.scheduling
+/**
+ * Logout Controller (Example).
+ */
+class LogoutController {
+ static navigation = [group:'sitemenu',order:30]
+
+ /**
+ * Index action. Redirects to the Spring security logout uri.
+ */
+ def index = {
+ // TODO put any pre-logout code here
+ redirect(uri: '/j_spring_security_logout')
+ }
+}
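Review bot: `index` performs logout by redirecting a plain GET to `/j_spring_security_logout`, so if the bundled logout filter accepts GET (the `org.springframework.security.ui` package layout used in LoginController suggests the 2.0 line, which does) any third-party page can log the user out by embedding that URL in an image or link. Restricting this action with `static allowedMethods = [index: 'POST']` and having the site menu submit a form removes the controller route, but the filter URL itself stays reachable by GET unless the plugin is configured otherwise, so the protection is only partial and worth a comment saying so. The `// TODO put any pre-logout code here` placeholder should be removed or replaced with a comment naming what is expected there.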
