HomeSupportForumsCoreAuthentication

Newbie needs guidance

Tue, 01/29/2008 - 5:53am — aviast

Hi all!

I very recently discovered Grails and as a big fan of Ruby on Rails I thought I'd give it a go.

I've decided to use grails to develop a simple pilot log book application. I installed the JSecurity plugin with the "grails install-plugin" command but then I noticed that the "alpha" of version 1.0 is available so I checked the latest source code out of subversion (after deleting the plugin from my grails app).

Question 1: I used "ant jar" to build a jar which I then dropped into my grails application's <application root>/lib.
Could someone please confirm that this is a reasonable thing to do?

The documentation on the grails website is obviously completely irrelevant to this version of JSecurity as the classes referenced in the docs no-longer exist. (Or were they added when the Grails plugin was created?)

The docs start by telling the developer to change each controller to extend JSecAuthBase. This class does not exist so I've created an "ApplicationController" to fill this role and I've figured that I need to define a "beforeInterceptor" in this class:


def beforeInterceptor = {
    new AuthenticationInterceptor()
}

Question 2: Am I on the right track? I obviously need to do something with my AuthenticationInterceptor but I'm not quite sure what yet.

On another tack: my pilot log book has a small number (so far) of domain classes: Aircraft, Airfield, Pilot, and LogBookEntry. My "Pilot" class obviously represents my user so I have defined this class thusly:


class Pilot implements org.jsecurity.authc.Account {
...
}

...and I have provided implementations of the methods to get and set username and password details.

Question 3: Am I on the right track with this? I feel completely blind without any current documentation so constructive feedback would be greatly appreciated.

With regards to the documentation: I'd be willing to throw something together once I've figured out how this all fits together.

Regards,

Michael

‹ JSecurity fillters in IBM RAD 7 Apparent mis-match between ModularRealmAuthenticator and AbstractRealm ›
Sat, 02/16/2008 - 12:16pm — pledbrook

Hi Michael, This is probably

Hi Michael,

This is probably far too late for you (sorry, I don't often check the forums), but I would search the grails-user mailing list on Nabble for e-mails regarding the JSecurity plugin for Grails. You can basically install a development version that works with the latest JSecurity refactorings by using this command line:

grails install-plugin jsecurity 0.2-SNAPSHOT

At least one of the mails on the list explains how to set up a Grails filter to define security settings. JsecAuthBase is no longer used. Everything else works as before pretty much.

If you have any questions about the plugin, please post to the grails-user mailing list.

Regards,

Peter

Tue, 01/29/2008 - 12:10pm — lhazlewood

Hi Michael!

Hi Michael!

I'm always encouraged to see folks such as yourself ready to jump right in! I'll try to address your questions as best as I can:

First let me say though, that the JSecurity source code does not reference or integrate with Groovy/Grails. That is the job of the Grails plugin that is developed and maintained by Peter Ledbrook of G2One. So, unfortunately, I can't answer any of the plugin/groovy questions here - I definitely recommend joining the Grails user list though, as there are a _lot_ of receptive folks on that list who would help you out. Peter will probably chime in directly to help you out.

Now I'll try to address at least some of your questions.

1) You did build JSecurity correctly, and the resulting jar is what the Grails plugin uses. Its just the JSecurity codebase is modifed for 1.0 alpha (to be released in a few days), and the Grails plugin has not yet been modified for this codebase. I suspect as soon as I release 1.0 alpha, then Peter will update the Grails plugin accordingly as soon as he is able.

For what it's worth, I don't think the Grails plugin requires subclassing JSecAuthBase anymore. I believe any controller is now supported.

2) I don't think you need to mess with the AuthenticationInterceptor directly. The soon-to-be-updated Grails plugin will take care of any interception logic for you automatically (to the best of my knowledge).

As far as implementing org.jsecurity.authc.Account in your Pilot class, that is certainly one way to do it, but we don't recommend it. JSecurity tries to be as non-invasive as possible to your domain model. Another approach would be to just use an instance of org.jsecurity.authc.support.SimpleAccount and just return that from your Realm implementation's getAccount() method.

But all of this might be encapsulated by the plugin anyway and you might not have to work with any Account or Realm interfaces/implementations at all - please check the Grails user mailing list for someone there to elaborate for you.

3) You're definitely on the right track as far as the core JSecurity API concepts are concerned, but you might not even have to use them much, if at all with the udpated plugin. I hope to have 1.0 alpha out in 2 or 3 days (Jan 31st, Feb 1st), and after that the plugin should be updated so you wouldn't have to do any more manual investigation.

Anyway, I'm sorry I couldn't exactly solve your problems, but hopefully the pointer to the Grails Mailing Lists will suffice for a few more days.

Thanks so much for the thoughtful and interesting post. We hope to make lives much easier with documentation very very shortly.

Best regards,

Les