====== Adding Spring Security Plugin ======
The Spring Security plugin lets your app authenticate users and block them from the functions they have no right to access.
===== Setup =====
- Add the following to the **dependencies** section of ''build.gradle'':
<code groovy>
compile 'org.grails.plugins:spring-security-core:3.2.3'
</code>
{{ :adding_spring_security_plugin_1.png?direct&400 |}}
- Open a terminal (cmd), and cd to your project directory
- Type ''grails'' to enter the Grails console in your project directory
- Use the ''s2-quickstart'' command. ''hello'' is the package name; ''User'' and ''Role'' are the user and role domain classes respectively. Note that a ''UserRole'' domain class is also created for the user-role mapping, because one user may have more than one role.
<code>
grails> s2-quickstart hello User Role
| Creating User class 'User' and Role class 'Role' in package 'hello'
| Rendered template PersonWithoutInjection.groovy.template to destination grails-app\domain\hello\User.groovy
| Rendered template PersonPasswordEncoderListener.groovy.template to destination src\main\groovy\hello\UserPasswordEncoderListener.groovy
| Rendered template Authority.groovy.template to destination grails-app\domain\hello\Role.groovy
| Rendered template PersonAuthority.groovy.template to destination grails-app\domain\hello\UserRole.groovy
|
************************************************************
* Created security-related domain classes. Your            *
* grails-app/conf/application.groovy has been updated with *
* the class names of the configured domain classes;        *
* please verify that the values are correct.               *
************************************************************
</code>
From now on, except for the root path of your site, visiting any other path will bring you to the default login page.
===== Adding User and Role =====
For testing purposes we do this in the Grails BootStrap file. In production you should create these records somewhere else, and they should only be created once if you have a persistent database. Note that every role's authority must start with the ''ROLE_'' prefix.
<code groovy>
package hello

class BootStrap {

    def init = { servletContext ->
        // A test account; the generated UserPasswordEncoderListener hashes
        // the password before it is stored
        User user = new User()
        user.username = "username"
        user.password = "password"
        user.enabled = true
        user.accountExpired = false
        user.accountLocked = false
        user.passwordExpired = false
        user.save()

        // Authorities must carry the ROLE_ prefix
        Role role = new Role()
        role.authority = "ROLE_USER"
        role.save()

        // Link the user to the role through the generated join class
        UserRole userRole = new UserRole()
        userRole.role = role
        userRole.user = user
        userRole.save()
    }

    def destroy = {
    }
}
</code>
===== Access Control =====
You might also notice that a new file ''application.groovy'' is created under the ./grails-app/conf/spring/ directory. Using this file is one of the ways to control access rights. Go to **grails.plugin.springsecurity.controllerAnnotations.staticRules** and add two more lines so that it becomes:
<code groovy>
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/',               access: ['permitAll']],
    [pattern: '/error',          access: ['permitAll']],
    [pattern: '/index',          access: ['permitAll']],
    [pattern: '/index.gsp',      access: ['permitAll']],
    [pattern: '/shutdown',       access: ['permitAll']],
    [pattern: '/assets/**',      access: ['permitAll']],
    [pattern: '/**/js/**',       access: ['permitAll']],
    [pattern: '/**/css/**',      access: ['permitAll']],
    [pattern: '/**/images/**',   access: ['permitAll']],
    [pattern: '/**/favicon.ico', access: ['permitAll']],
    // either role may reach the Regular controller
    [pattern: '/regular/**',     access: ['ROLE_USER', 'ROLE_ADMIN']],
    // only admins may reach the Admin controller
    [pattern: '/admin/**',       access: ['ROLE_ADMIN']],
]
</code>
Assume you have a Regular and an Admin controller. With our username/password we can now access all the paths under the Regular controller, but not the Admin one. You can fine-tune the paths by listing each path under a controller instead of using **. Remember, order does matter here!
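As an added example (not part of the original page), here is a BootStrap that creates both roles used by the rules above and one user for each, and that can be run repeatedly against a persistent database without creating duplicates, which is the "create once" point made in the Adding User and Role section. It assumes the ''User'', ''Role'' and ''UserRole'' classes generated by ''s2-quickstart'', including ''UserRole.create'' and ''UserRole.exists''; the usernames and passwords are constructed sample values.

```groovy
package hello

class BootStrap {

    def init = { servletContext ->
        // Roles must carry the ROLE_ prefix; reuse a role if it already exists
        Role userRole  = Role.findByAuthority('ROLE_USER')  ?: new Role(authority: 'ROLE_USER').save(failOnError: true)
        Role adminRole = Role.findByAuthority('ROLE_ADMIN') ?: new Role(authority: 'ROLE_ADMIN').save(failOnError: true)

        // Sample accounts (constructed values). The plugin's generated
        // UserPasswordEncoderListener hashes the password on save.
        User regular = User.findByUsername('regular') ?:
            new User(username: 'regular', password: 'sample-regular-pw', enabled: true).save(failOnError: true)
        User admin = User.findByUsername('admin') ?:
            new User(username: 'admin', password: 'sample-admin-pw', enabled: true).save(failOnError: true)

        // 'regular' may reach /regular/** only; 'admin' may reach /regular/** and /admin/**
        grant(regular, userRole)
        grant(admin, userRole)
        grant(admin, adminRole)
    }

    // Add the user-role mapping only if it is not there yet (UserRole.exists
    // and UserRole.create are assumed to be the s2-quickstart generated helpers)
    private static void grant(User user, Role role) {
        if (!UserRole.exists(user.id, role.id)) {
            UserRole.create(user, role, true)
        }
    }

    def destroy = {
    }
}
```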