Hi everybody, (I hope this is the right place to ask this question)
I am using JSecurity in a Grails project. Can anybody tell me why the user admin doesn't get any of its supposed authorizations?
Here's a brief description of my security configuration:
- I have 4 types of actors/roles (Maitre, Comptable, Stagiaire, Secretaire) (yes, it's French).
- Each actor can only have one role
- One of the roles is a super user (Maitre)
So in my implementation I've created a permission, EtudePerm.groovy:
import org.jsecurity.authz.AbstractPermission
class EtudePerm extends AbstractPermission {
    private static allowedActions = Collections.unmodifiableSet([ 'Liste', 'Consultation', 'Creation', 'Modification', 'Suppression' ] as Set)
    EtudePerm(String target, String actions) {
        super(target, actions)
    }
    EtudePerm(String target, List actions) {
        super(target, actions as Set)
    }
    Set getPossibleActions() {
        return allowedActions
    }
}
I have defined this role and those permissions in the bootstrap:
def admin = JsecUser.findByUsername('admin')
if (!admin) {
    admin = new JsecUser(username: 'admin', passwordHash: DigestUtils.shaHex('secret'))
    admin.save()
    new JsecUserRoleRel(user: admin, role: maitreRole).save()
}
def p1 = JsecPermission.findByType('EtudePerm')
if (!p1) {
    p1 = new JsecPermission(type: 'EtudePerm', possibleActions: 'Liste, Consultation, Creation, Modification, Suppression')
    p1.save()
    new JsecRolePermissionRel(role: maitreRole, permission: p1, target: 'Dossiers', actions: ['Liste', 'Consultation', 'Creation', 'Modification', 'Suppression']).save()
    new JsecRolePermissionRel(role: stagiaireRole, permission: p1, target: 'Dossiers', actions: ['Liste', 'Consultation', 'Creation', 'Modification']).save()
    new JsecRolePermissionRel(role: comptableRole, permission: p1, target: 'Dossiers', actions: ['Liste', 'Consultation']).save()
    new JsecRolePermissionRel(role: secretaireRole, permission: p1, target: 'Dossiers', actions: ['Liste']).save()
}
And finally, in my controller (DossierController.groovy), I've set up permissions:
class DossierController extends JsecAuthBase {
    static accessControl = {
        permission(perm: new EtudePerm('Dossiers', [ 'Liste' ]),
                   action: 'list')
        permission(perm: new EtudePerm('Dossiers', [ 'Consultation' ]),
                   action: 'show')
        permission(perm: new EtudePerm('Dossiers', [ 'Modification' ]),
                   only: [ 'edit', 'update' ])
        permission(perm: new EtudePerm('Dossiers', [ 'Creation' ]),
                   only: [ 'create', 'save' ])
        permission(perm: new EtudePerm('Dossiers', [ 'Suppression' ]),
                   only: [ 'delete' ])
    }
    def index = { redirect(action:list,params:params) }
    // the delete, save and update actions only accept POST requests
    def allowedMethods = [delete:'POST', save:'POST', update:'POST']
    def list = {
        if(!params.max)params.max = 20
        if(!params.sort){
            params.sort = "dateCreation"
            params.order = "desc"
        }
        [ dossierList: Dossier.list( params) ]
    }
    ...
}
When I access the 'list' action with user admin, I get rejected! I conclude that something's wrong with my configuration... Any clues, guys?
Cheers
Mehdi
Hi Mehdi, I have looked
Hi Peter,
First of all, thanks for this great plugin, it really saved me a lot of time. I had the authentication feature working right after download! I was using roles only at first, and it worked quite well, but I could not manage to fit them to my evolving needs, so I switched to permissions + roles.
FYI, I first installed Grails 0.6 + JSecurity, then I upgraded Grails to 1.0-RC1.
I'll post my questions later to grails user mailing list as you recommend. Thanks Peter.
Cheers,
Mehdi
Hi Mehdi!
We're happy to see you're using the Grails plugin, but we don't have too much knowledge at the moment about the inner workings of the plugin - it is written and managed by Peter Ledbrook in the Grails community:
Grails JSecurity Plugin
I've forwarded on this post to Peter's email address - he's a really nice gent and I'm sure he can point you in the right direction.
Best regards,
Les
Hi Les!
I use this plugin because it worked within 15 minutes (download included). I think JSecurity is really what Java needs: security out of the box. It makes a good duo with Grails since they are both "easy centric".
I'll check with the grails-user mailing list for my issue, thanks a lot!
Cheers,
Mehdi