
Article: Securing a Grails Application with Acegi Security

In this article, Fadi Shami gives a walkthrough of integrating the grails-acegi plugin with a sample Grails application. As part of this integration, there are three major components which are used – Groovy, Grails and Acegi Security. The article guides the reader through the initial RaceTrack sample application setup, shows how to install the Grails-Acegi plugin into Grails, creates the Acegi security infrastructure, configures Acegi Security to protect the RaceTrack application, and finally tests that the security system is working as expected.

From the article's introduction:

This article assumes that you have completed the Grails tutorial found in Getting Started with Grails by Jason Rudolph, and have implemented the RaceTrack sample application. The grails-acegi plugin will then be integrated with RaceTrack to provide security for your application. Utilizing the grails-acegi plugin avoids the overhead of having to implement Grails interceptors in your application, provides more flexibility than interceptors, and also saves reimplementing your own security system by leveraging Acegi.

Read the full article here.

Community comments

  • Problem with acegi when configuring pooled=true in Datasource.groovy

    by Franz Schmid,

    Hi,

    first of all thank you very much for your (even for a newbie like me) easily understandable explanation.

    First I got the example to work without problems. But to get better performance I wanted to have my database connections pooled. So I configured pooled=true in Datasource.groovy. As soon as I did this I could only call a few pages before the application stopped responding. After looking at the debug output I think the reason is that acegi is waiting to get another connection from the connection pool.

    Here are the last debug output statements:

    org.acegisecurity.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1raoz7gc3n0mf; Granted Authorities: ROLE_ANONYMOUS'
    org.acegisecurity.providers.anonymous.AnonymousProcessingFilter Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@90572420: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: 1raoz7gc3n0mf; Granted Authorities: ROLE_ANONYMOUS'
    org.acegisecurity.util.FilterChainProxy /customer/list at position 7 of 8 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@697087'
    org.acegisecurity.util.FilterChainProxy /customer/list at position 7 of 8 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@697087'
    org.acegisecurity.util.FilterChainProxy /customer/list at position 8 of 8 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@5acf13'
    org.acegisecurity.util.FilterChainProxy /customer/list at position 8 of 8 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@5acf13'
    org.hibernate.impl.SessionImpl opened session at timestamp: 4933924451647488
    org.hibernate.jdbc.AbstractBatcher about to open PreparedStatement (open PreparedStatements: 0, globally: 0)
    org.hibernate.jdbc.ConnectionManager opening JDBC connection

    I searched and posted in the grails user mailing list, unfortunately without result.
    Do you know about this problem?

  • Are you missing the AuthenticateService object?

    by ed young,

    I went through the article and put it to use in several apps.

    I think the plugin is missing the AuthenticateService.groovy file. Because of this, you can't register a new user.

    Am I missing something?

    Thanks

  • Re: Are you missing the AuthenticateService object?

    by Fadi Shami,

    Not sure about the problem that you are having, but the plugin has the AuthenticateService.groovy. You should be able to find it in
    %your application dir%\plugins\acegi-0.2\grails-app\services

  • Use lowercase in the RequestMapper URL patterns

    by John Lindwall,

    I loosely followed this excellent tutorial but instead of using the race/register controllers I used my own. The URL of my controller includes an uppercase letter, e.g. "purchaseOrder".

    If you configure the Requestmap using mixed-case then Acegi will fail to pattern-match that URL, and hence fail to protect those pages.

    e.g. /purchaseOrder/**

    By enabling Acegi debugging I could see that Acegi was configured to convert all URLs to lowercase before attempting pattern matching. To fix this problem, I used lowercase URL patterns in the Requestmap and it worked great.

    e.g. /purchaseorder/**

    Thanks for the excellent tutorial!
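
The failure described in the comment above, as an added example that is not part of the original comment or the plugin's code: a Groovy script that lowercases the request URL before matching, as the comment reports Acegi doing, and lists Requestmap patterns that can therefore never match. The matcher is a simplified stand-in for Ant-style matching, and the role name and map entries are constructed sample data.

```groovy
import java.util.regex.Pattern

// Simplified stand-in for Ant-style matching (not Acegi's own matcher):
// '**' spans path segments, '*' stays inside one segment.
boolean antMatch(String pattern, String path) {
    def regex = pattern.split(/\*\*/, -1).collect { part ->
        part.split(/\*/, -1).collect { Pattern.quote(it) }.join('[^/]*')
    }.join('.*')
    path ==~ regex
}

// Lowercase the URL, then match, as the comment describes.
// Returns the role of the first matching entry, or null when no pattern
// matches, which means the URL is left unprotected.
String rolesFor(Map<String, String> requestmap, String url) {
    def lowered = url.toLowerCase()
    requestmap.find { pattern, roles -> antMatch(pattern, lowered) }?.value
}

// Audit: a pattern containing an uppercase character can never match
// a URL that has already been lowercased.
List<String> deadPatterns(Map<String, String> requestmap) {
    requestmap.keySet().findAll { it != it.toLowerCase() }.toList()
}

// Constructed sample Requestmap entries (URL pattern -> required role).
def mixedCase = ['/purchaseOrder/**': 'ROLE_USER', '/race/**': 'ROLE_USER']
def lowerCase = ['/purchaseorder/**': 'ROLE_USER', '/race/**': 'ROLE_USER']

// Mixed-case pattern: the controller URL matches nothing and stays open.
assert rolesFor(mixedCase, '/purchaseOrder/list') == null
// Lowercase pattern: the same URL is now covered.
assert rolesFor(lowerCase, '/purchaseOrder/list') == 'ROLE_USER'

assert deadPatterns(mixedCase) == ['/purchaseOrder/**']
assert deadPatterns(lowerCase).isEmpty()
println "never-matching patterns: ${deadPatterns(mixedCase)}"
```

Running the audit function over the configured patterns at startup or in a test catches the silent gap before a controller ships unprotected.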

  • Re: Use lowercase in the RequestMapper URL patterns

    by Franz Schmid,

    Thanks for the help. AuthenticateService.groovy is there in plugins directory.

    I tried some more things and found out that if I use static requestMapString instead of useRequestMapDomainClass it works fine with my pooled datasource.

    So it seems to me that there is a problem in data access (perhaps release of connections not correctly implemented) when loading database contents of table requestmap.

  • Re: Are you missing the AuthenticateService object?

    by Chen Jianfeng,

    Under %your application dir%\plugins\acegi-0.2\grails-app\services, I find no AuthenticateService.groovy. But now I can register new users.

    When trying to grails generate-registration, I can't get connection to Internet because I use the campus net and download jars then put them into lib file. First time I also could not register users.

    And now I am confused.

  • Authentication with Active Directory

    by Cross World,

    Hi,

    Thank you very much for your easily understandable tutorial.

    Is there also any solution to authenticate users from an Active Directory?
    Can you tell me how to implement that with grails or do you know any tutorials?

    greets

  • Re: Are you missing the AuthenticateService object?

    by Chen Jianfeng,

    I have found the AuthenticateService.groovy in plugin directory.
    Thanks!

  • BeanCreationException

    by Heidi Nuhm,

    Hi,
    I've installed acegi in my application and have generated the domains, managers and registration. But when I try to compile and restart my application, I got a BeanCreationException. I had to import the AuthenticateService manually. And there are errors in my Logincontroller like it doesn't find the imported packages.
    Can anybody help me?

  • How can I add new fields to AuthUser / User? Why 2 types of users?

    by Bob Bowen,

    I am trying to add some additional fields to my user forms. I did so by editing AuthUser.groovy and adding them. I then ran grails generate-all AuthUser and it created the new create, and edit gsps.

    But the problem is:
    1. In the tutorial UserController is used, NOT AuthUserController. When I go to create a new User using UserController my new fields aren't there. How can I get Grails to generate my gsp's for user?

    2. If I instead use the AuthUser controller, my new fields show up but the password doesn't save correctly. This is because AuthUserController doesn't have hardly any of the code UserController has, such as ciphering the password. Also, roles don't show up in the page, and I imagine won't be saved if I stick them there by hand.

    I am not sure what the difference is between AuthUser and User but there is only one domain object, AuthUser, and only one table, auth_user. So if I want to add additional fields do I edit the AuthUser domain object but then edit by hand user/create.gsp, user/edit.gsp?

    Thanks,
    Bob

  • UrlMapping to redirect Error to a custom view throws IllegalStateException

    by Stefan Maiwald,

    First of all, thanks for that helpful tutorial.

    As far as described, I was able to follow and to make it work. Even the basic tutorial at the grails.org site works.

    The next step I try to redirect to a more user friendly view when the HTTP Error 403 comes via UrlMappings.groovy like:


    class UrlMappings {
        static mappings = {
            "/$controller/$action?/$id?" {
                constraints { }
            }
            "500"(view: '/error')
            "401"(view: '/error/unauthorized')
            "403"(view: '/error/forbidden')
        }
    }


    But this leads to an Exception:

    ...
    Nested in org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request
    ...


    Seems that there's something missing?

    Cheers

    Stefan

  • Re: Problem with acegi when configuring pooled=true in Datasource.groovy

    by Stefan Maiwald,

    Hello Franz,

    I discovered the same problem in a similar environment.
    Seems like a bug.



    Cheers

    S.

  • Re: How can I add new fields to AuthUser / User? Why 2 types of users?

    by yang poplar,

    After you modify your authUser, use "grails generate-manager" to complete your user control.

  • Using Existing Acegi Components with Grails acegi plug in

    by Chawki Mguedmini,

    First of all, thank you for this excellent tutorial.

    I want to know if it's possible to use already existing Acegi components with the Grails acegi plugin and how.

    Thanks in advance

    Chawki

  • Some tips on Acegi and OpenId

    by Rajiv Narula,

    I faced some issues while implementing OpenId with Acegi.
    See my post below.

    www.rajivnarula.com/blog/2009/11/16/grails-and-...

    HTH

  • Dynamic Redirection issue

    by Pooja bawa,

    Hi,

    I am stuck on dynamically redirecting user to original page after redirect to Login page, please let through example.

    Regards
