PoC for Roo Security Addon - User Registration, Forgot Password, Change Password, DB

**rohitghatol** · Jan 3rd, 2011, 11:01 AM

Hi All,
I created a Spring Roo Addon which injects security into existing Spring Roo Project. Currently this is in very early stage, you need to see the video to understand how to inject the addon and how to use the application after addon is inject.

Again, disclaimer this email is to only share my concept of Typical Security system required by Roo based web applications. (this leans towards passive code generation)

TypicalSecurity is a Spring Roo add on which injects following features in a Spring Roo App with single command
1. Databased User Role Security
2. Forgot Password
3. Change Password
4. User Registration with recaptcha and sending activation email
5. User Activation

Please note the project is far from stable, the default path works for now

http://code.google.com/p/spring-roo-...ical-security/
http://code.google.com/p/spring-roo-...GettingStarted

The YouTube Video for the same is here - http://www.youtube.com/my_videos_tim...id=Y-kuYj8vsYU

Cheers,
Rohit

**drinks.sobe** · Jan 3rd, 2011, 11:31 PM

I tried the you tube link above, but it asked for login to you tube.

After visiting your google code project site, the link to the video work.

http://www.youtube.com/watch?v=Y-kuYj8vsYU

Good job on the Addon! How long did it take you?

**delgad9** · Jan 4th, 2011, 12:04 AM

Hi Rohit,

I tried the add-on...
It works like a charm. Congrats!

jD

**hatim** · Jan 4th, 2011, 05:23 AM

very cool, thanks Rohit

The link for video is http://www.youtube.com/watch?v=Y-kuYj8vsYU&feature=404

**krimple** · Jan 5th, 2011, 05:24 AM

Awesome - are you submitting it as a Roo official add-on to the Roobot?

Ken

**rohitghatol** · Jan 5th, 2011, 10:12 AM

Originally Posted by drinks.sobe

I tried the you tube link above, but it asked for login to you tube.

After visiting your google code project site, the link to the video work.

http://www.youtube.com/watch?v=Y-kuYj8vsYU

Good job on the Addon! How long did it take you?

It look me around a week to understand the framework, but to code it, it was only a weekend.

**rohitghatol** · Jan 5th, 2011, 10:13 AM

Originally Posted by krimple

Awesome - are you submitting it as a Roo official add-on to the Roobot?

Ken

Hi Krimple,
Yes that is a plan, but I can't promise a timeline for the same. I will keep you posted

Cheers,
Rohit

**MiB** · Jan 7th, 2011, 06:23 PM

What were the main hurdles while developing this add-on?

I'll check it out! A very nice initiative. Thank you!

**atsuk** · Jan 8th, 2011, 09:16 AM

Good job! I have dreamed of smth similar to this ever since i first tried out "security setup" command.

I haven't jet had the time to try it out, but I have a comments regarding command that your addon provides.

1) Is there a good reason why "Typicalsecurity setup" command is not in lowercase as every other roo command I have seen so far?

2) Wouldn't it would be good idea to make this "typicalsecurity" command fragment available after user has typed security?
Analogically to default "security setup" i would suggest smth similar to following:
"security typical setup"
I guess then it would more intuitive for roo users - after telling/typing into roo shell "security" roo can suggest(after hitting TAB key or in STS Ctrl+Space) users which flavour of security should be set up.
I guess you only need to change 1 line in TypicalsecurityCommands.java:
@CliCommand(value = "security typical setup", help = "Setup Typicalsecurity addon")

Maybe help text should also reveal what this plugin does - for example that user management is DB-based "Setup DB-based Typicalsecurity addon that ..."

Anyway, what ever you decide based on my comments I hope that this plugin finally "lands" next to current roo default addons that come with the release

BR,
Ats.

**rohitghatol** · Jan 9th, 2011, 11:59 AM

I have More or less the same things planned "What you stated here".

Here is a short roadmap
1. Break up TypicalSecurity into following commands to something of following
- Typicalsecurity setup --type database
This adds database based AuthenticationProvider
- Typicalsecurity add forgotpassword
- Typicalsecurity add changepassword
- Typicalsecurity add userregistration --useCaptcha true

and in future
- Typicalsecurity thirdpartylogin google
- Typicalsecurity thirdpartylogin facebook

2. About the name, my first release is a PoC, I need to find time to get it to production taking care of many things along with the name and following
- Activation Email must use the context path of the application
- User Registration must take user to a "Registration successful Page" before taking to Login screen
- Enable encrypted passwords
- Put Proper Error messages for failure pages
- Support i18n for all generated pages

So lots of do, I will keep you guys posted. Any more suggestions on functionality is more than welcome

Cheers,
Rohit

Thread: PoC for Roo Security Addon - User Registration, Forgot Password, Change Password, DB

Thread Tools

Display

PoC for Roo Security Addon - User Registration, Forgot Password, Change Password, DB

Hurdles?

Tags for this Thread

Posting Permissions