add security integration

grails-app/conf/Config.groovy

@@ -88,3 +88,12 @@ log4j = {
 
     warn   'org.mortbay.log'
 }
+
+// Added by the Spring Security Core plugin:
+grails.plugins.springsecurity.userLookup.userDomainClassName = 'org.jboss.chirpr.grails.domain.User'
+grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'org.jboss.chirpr.grails.domain.UserRole'
+grails.plugins.springsecurity.authority.className = 'org.jboss.chirpr.grails.domain.Role'
+
+grails.plugins.springsecurity.openid.userLookup.openIdsPropertyName = 'openIds'
+
+grails.plugins.springsecurity.openid.domainClass = 'org.jboss.chirpr.grails.domain.OpenId'

grails-app/conf/UrlMappings.groovy

@@ -1,13 +1,24 @@
 class UrlMappings {
 
-	static mappings = {
-		"/$controller/$action?/$id?"{
-			constraints {
-				// apply constraints here
-			}
-		}
-
-		"/"(view:"/index")
-		"500"(view:'/error')
-	}
+
+    static mappings = {
+
+
+    "/login/auth" {
+        controller = 'openId'
+        action = 'auth'
+    }
+    "/login/openIdCreateAccount" {
+        controller = 'openId'
+        action = 'createAccount'
+    }
+        "/$controller/$action?/$id?" {
+            constraints {
+                // apply constraints here
+            }
+        }
+
+        "/"(view: "/index")
+        "500"(view: '/error')
+    }
 }

grails-app/controllers/LoginController.groovy

@@ -0,0 +1,134 @@
+import grails.converters.JSON
+
+import javax.servlet.http.HttpServletResponse
+
+import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+
+import org.springframework.security.authentication.AccountExpiredException
+import org.springframework.security.authentication.CredentialsExpiredException
+import org.springframework.security.authentication.DisabledException
+import org.springframework.security.authentication.LockedException
+import org.springframework.security.core.context.SecurityContextHolder as SCH
+import org.springframework.security.web.WebAttributes
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+
+class LoginController {
+
+	/**
+	 * Dependency injection for the authenticationTrustResolver.
+	 */
+	def authenticationTrustResolver
+
+	/**
+	 * Dependency injection for the springSecurityService.
+	 */
+	def springSecurityService
+
+	/**
+	 * Default action; redirects to 'defaultTargetUrl' if logged in, /login/auth otherwise.
+	 */
+	def index = {
+		if (springSecurityService.isLoggedIn()) {
+			redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
+		}
+		else {
+			redirect action: auth, params: params
+		}
+	}
+
+	/**
+	 * Show the login page.
+	 */
+	def auth = {
+
+		def config = SpringSecurityUtils.securityConfig
+
+		if (springSecurityService.isLoggedIn()) {
+			redirect uri: config.successHandler.defaultTargetUrl
+			return
+		}
+
+		String view = 'auth'
+		String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
+		render view: view, model: [postUrl: postUrl,
+		                           rememberMeParameter: config.rememberMe.parameter]
+	}
+
+	/**
+	 * The redirect action for Ajax requests. 
+	 */
+	def authAjax = {
+		response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
+		response.sendError HttpServletResponse.SC_UNAUTHORIZED
+	}
+
+	/**
+	 * Show denied page.
+	 */
+	def denied = {
+		if (springSecurityService.isLoggedIn() &&
+				authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
+			// have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
+			redirect action: full, params: params
+		}
+	}
+
+	/**
+	 * Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.
+	 */
+	def full = {
+		def config = SpringSecurityUtils.securityConfig
+		render view: 'auth', params: params,
+			model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),
+			        postUrl: "${request.contextPath}${config.apf.filterProcessesUrl}"]
+	}
+
+	/**
+	 * Callback after a failed login. Redirects to the auth page with a warning message.
+	 */
+	def authfail = {
+
+		def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
+		String msg = ''
+		def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
+		if (exception) {
+			if (exception instanceof AccountExpiredException) {
+				msg = SpringSecurityUtils.securityConfig.errors.login.expired
+			}
+			else if (exception instanceof CredentialsExpiredException) {
+				msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
+			}
+			else if (exception instanceof DisabledException) {
+				msg = SpringSecurityUtils.securityConfig.errors.login.disabled
+			}
+			else if (exception instanceof LockedException) {
+				msg = SpringSecurityUtils.securityConfig.errors.login.locked
+			}
+			else {
+				msg = SpringSecurityUtils.securityConfig.errors.login.fail
+			}
+		}
+
+		if (springSecurityService.isAjax(request)) {
+			render([error: msg] as JSON)
+		}
+		else {
+			flash.message = msg
+			redirect action: auth, params: params
+		}
+	}
+
+	/**
+	 * The Ajax success redirect url.
+	 */
+	def ajaxSuccess = {
+		render([success: true, username: springSecurityService.authentication.name] as JSON)
+	}
+
+	/**
+	 * The Ajax denied redirect url.
+	 */
+	def ajaxDenied = {
+		render([error: 'access denied'] as JSON)
+	}
+}

grails-app/controllers/LogoutController.groovy

@@ -0,0 +1,12 @@
+import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+
+class LogoutController {
+
+	/**
+	 * Index action. Redirects to the Spring security logout uri.
+	 */
+	def index = {
+		// TODO  put any pre-logout code here
+		redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl // '/j_spring_security_logout'
+	}
+}