dn667
Jun 2nd, 2011, 03:48 PM
Hello all,
Yesterday I started upgrading our Grails app from Acegi plugin 0.5.2 to the Spring security plugin. I'm running into a few issues, maybe anyone can help here?
After making the necessary changes (as documented by Burt Beckwith on http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/guide/) I was able to start the Grails app once again (woohoo!). However, logging in didn't work anymore.
Our situation is as follows: we use our Grails application pure for its application logic. Authentication is done using a username and password through webservices. As backends we use the database of the app (dao) and a LDAP backend. For now, we've disabled LDAP, to make testing easier.
This is the code which does the authentication:
def authenticate(String username, String password) {
try {
println "Trying authentication with user " + username + " and password " + password + "."
def tempToken = new UsernamePasswordAuthenticationToken(username, password)
println "Temptoken is " + tempToken
def token = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password))
println "Authentication token received was: " + token
} catch (AuthenticationException authenticationException) {
return false
}
return true
}
This prints to the log:
Trying authentication with user admin and password admin.
Temptoken is org.springframework.security.providers.UsernamePas swordAuthenticationToken@1f: Principal: admin; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities
And then it all stops.
The domain classes we use are rather straightforward. We do not use a class such as the User Role for the joins between people and their authorities. Instead we use a many-to-many mapping, as this has always worked for us and is easy to maintain.
Our authority domain class:
class Authority {
static hasMany = [people: Person]
/** description */
String description
/** ROLE String */
String authority = ''
String authorityType
static constraints = {
authority(help:'x',class:'wide',blank: false,unique:true)
description(help:'x',class:'extrawide')
authorityType(help:'x',class:'wide')
people(help:'x',selectSort:'username',display:fals e)
}
String toString() {
return authority;
}
}
And our Person domain class:
class Person {
static hasMany = [authorities: Authority]
static belongsTo = Authority
//Authority primaryGroup
/** Username */
String username
/** User Real Name*/
String userRealName
String familyName
String givenName
/** MD5 Password */
String passwd
/** enabled */
boolean enabled
String email
boolean emailShow
/** description */
String description = ''
static constraints = {
username(blank: false, unique: true,help:'x',class:'wide')
userRealName(blank: false,help:'x',class:'wide')
familyName(blank: false,help:'x',class:'wide')
givenName(blank: false,help:'x',class:'wide')
email(help:'x',class:'wide')
emailShow(help:'x')
enabled(help:'x')
passwd(blank: false,password:true,show:false,help:'x',class:'wid e')
authorities(nullable:true,help:'x',sortable:true,s electSort:'authority')
}
String toString() {
return username;
}
}
In Config.Groovy, we have defined:
security {
grails.plugins.springsecurity.active = true
cacheUsers = false
grails.plugins.springsecurity.providerNames = ['daoAuthenticationProvider', 'anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']
grails.plugins.springsecurity.userLookUp.userDomai nClassName = "Person"
grails.plugins.springsecurity.userLookup.passwordP ropertyName = "passwd"
grails.plugins.springsecurity.authority.className = "Authority"
As far as the documentation goes, this should work by all means (and so it did for the "old" Acegi setup).
To gather some more insights I briefly activated LDAP and found the same issue. WireShark told me that no LDAP calls were made during the login process. My guess would be that either there's something wrong with the code in the Authenticate function or SpringSecurity doesn't know how to pick up our domain classes.
I'd be glad to read any insights!
Yesterday I started upgrading our Grails app from Acegi plugin 0.5.2 to the Spring security plugin. I'm running into a few issues, maybe anyone can help here?
After making the necessary changes (as documented by Burt Beckwith on http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/guide/) I was able to start the Grails app once again (woohoo!). However, logging in didn't work anymore.
Our situation is as follows: we use our Grails application pure for its application logic. Authentication is done using a username and password through webservices. As backends we use the database of the app (dao) and a LDAP backend. For now, we've disabled LDAP, to make testing easier.
This is the code which does the authentication:
def authenticate(String username, String password) {
try {
println "Trying authentication with user " + username + " and password " + password + "."
def tempToken = new UsernamePasswordAuthenticationToken(username, password)
println "Temptoken is " + tempToken
def token = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password))
println "Authentication token received was: " + token
} catch (AuthenticationException authenticationException) {
return false
}
return true
}
This prints to the log:
Trying authentication with user admin and password admin.
Temptoken is org.springframework.security.providers.UsernamePas swordAuthenticationToken@1f: Principal: admin; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities
And then it all stops.
The domain classes we use are rather straightforward. We do not use a class such as the User Role for the joins between people and their authorities. Instead we use a many-to-many mapping, as this has always worked for us and is easy to maintain.
Our authority domain class:
class Authority {
static hasMany = [people: Person]
/** description */
String description
/** ROLE String */
String authority = ''
String authorityType
static constraints = {
authority(help:'x',class:'wide',blank: false,unique:true)
description(help:'x',class:'extrawide')
authorityType(help:'x',class:'wide')
people(help:'x',selectSort:'username',display:fals e)
}
String toString() {
return authority;
}
}
And our Person domain class:
class Person {
static hasMany = [authorities: Authority]
static belongsTo = Authority
//Authority primaryGroup
/** Username */
String username
/** User Real Name*/
String userRealName
String familyName
String givenName
/** MD5 Password */
String passwd
/** enabled */
boolean enabled
String email
boolean emailShow
/** description */
String description = ''
static constraints = {
username(blank: false, unique: true,help:'x',class:'wide')
userRealName(blank: false,help:'x',class:'wide')
familyName(blank: false,help:'x',class:'wide')
givenName(blank: false,help:'x',class:'wide')
email(help:'x',class:'wide')
emailShow(help:'x')
enabled(help:'x')
passwd(blank: false,password:true,show:false,help:'x',class:'wid e')
authorities(nullable:true,help:'x',sortable:true,s electSort:'authority')
}
String toString() {
return username;
}
}
In Config.Groovy, we have defined:
security {
grails.plugins.springsecurity.active = true
cacheUsers = false
grails.plugins.springsecurity.providerNames = ['daoAuthenticationProvider', 'anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']
grails.plugins.springsecurity.userLookUp.userDomai nClassName = "Person"
grails.plugins.springsecurity.userLookup.passwordP ropertyName = "passwd"
grails.plugins.springsecurity.authority.className = "Authority"
As far as the documentation goes, this should work by all means (and so it did for the "old" Acegi setup).
To gather some more insights I briefly activated LDAP and found the same issue. WireShark told me that no LDAP calls were made during the login process. My guess would be that either there's something wrong with the code in the Authenticate function or SpringSecurity doesn't know how to pick up our domain classes.
I'd be glad to read any insights!