Following are the steps to configure Spring Security in Grails:
1. Create a project using the command grails create-app projectName.
2. Configure Spring Security Core
First of all, we have to install the Spring Security Core plugin into our project. Edit BuildConfig.groovy and modify the plugins section as below:
    plugins {
        // plugins for the build system only
        build ":tomcat:7.0.42"
        // plugins for the compile step
        compile ":scaffolding:2.0.0"
        compile ':cache:1.1.1'
        // plugins needed at runtime but not for compilation
        runtime ":hibernate:3.6.10.1" // or ":hibernate4:4.1.11.1"
        runtime ":database-migration:1.3.5"
        runtime ":jquery:1.10.2" // <-- If using 1.8.3, update to this version
        runtime ":resources:1.2"
        compile ':spring-security-core:2.0-RC2' // Added
    }
Then run grails compile (optionally preceded by grails clean) from the project's directory to have the plugin installed.
3. Let the Spring Security Core plugin create the required models and controllers for us. For that we have to run the s2-quickstart command, passing the domain class package and the user and role class names:
    grails s2-quickstart com.team.model User Role
This will create 3 domain classes: User, Role and UserRole.
It will also create 2 controllers, LoginController and LogoutController, along with views/login/auth.gsp and views/login/denied.gsp.
4. At the end of the Config.groovy file you can see these lines added by the Spring Security plugin:
    // Added by the Spring Security Core plugin:
    grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.team.model.User'
    grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.team.model.UserRole'
    grails.plugin.springsecurity.authority.className = 'com.team.model.Role'
5. At this step, Spring Security Core is configured properly.
Edit BootStrap.groovy to tell Grails about our sample users/roles.
    import com.team.model.Role
    import com.team.model.User
    import com.team.model.UserRole

    class BootStrap {
        def init = { servletContext ->
            // Roles referenced later by @Secured
            def adminRole = new Role(authority: 'ROLE_ADMIN').save(flush: true)
            def userRole = new Role(authority: 'ROLE_USER').save(flush: true)

            // Sample account for local testing only; use different credentials outside development
            def testUser = new User(username: 'admin', enabled: true, password: 'admin')
            testUser.save(flush: true)

            // Link the user to the admin role (third argument flushes the session)
            UserRole.create testUser, adminRole, true

            assert User.count() == 1
            assert Role.count() == 2
            assert UserRole.count() == 1
        }
        def destroy = {
        }
    }
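6. Now you can use @Secured to secure access to controller methods based on roles. For example,
    import grails.plugin.springsecurity.annotation.Secured

    // Only users holding ROLE_ADMIN may call this action
    @Secured(['ROLE_ADMIN'])
    def index() {
        render 'Some sensitive data'
    }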
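How class-level and action-level @Secured annotations combine, as an added example that is not from the original post. The ReportController name, its package and its actions are hypothetical; the roles are the ones created in BootStrap.groovy above.

```groovy
// grails-app/controllers/com/team/ReportController.groovy
// Hypothetical controller, added for illustration (not part of the original project).
package com.team

import grails.plugin.springsecurity.annotation.Secured

// Class-level rule: the default for every action in this controller.
@Secured(['ROLE_ADMIN'])
class ReportController {

    // Injected by Grails; provided by the Spring Security Core plugin.
    def springSecurityService

    // No annotation of its own, so the class-level rule applies: ROLE_ADMIN only.
    def index() {
        // Plain-text response so the username is never interpreted as HTML.
        render(text: "Sensitive data for ${springSecurityService.principal.username}",
               contentType: 'text/plain')
    }

    // An action-level annotation replaces the class-level one.
    // Listing several roles means any one of them is sufficient.
    @Secured(['ROLE_USER', 'ROLE_ADMIN'])
    def summary() {
        render(text: 'Summary for any signed-in user or admin', contentType: 'text/plain')
    }

    // Explicitly public action, e.g. a health check; keep sensitive data out of it.
    @Secured(['permitAll'])
    def status() {
        def state = springSecurityService.isLoggedIn() ? 'signed in' : 'anonymous'
        render(text: "ok (${state})", contentType: 'text/plain')
    }
}
```

With the sample data from BootStrap.groovy, the admin user reaches all three actions, while a user holding only ROLE_USER is refused on index and still reaches summary and status.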