Quantcast

Forcing authentication of user in Grails filter using Shiro

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Forcing authentication of user in Grails filter using Shiro

rosenfeld
Hi, it's very boring that every time I modify my domain classes the framework is restarted and I lose my login session.

I would like to be able to automatically authenticate as a specific user in development mode in my authentication filters, instead of redirecting me to the login page.

I'm new to Shiro though. Any idea of how to implement this using Shiro?

Thanks in advance!

P.S: Also this is my first post in this list :)
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forcing authentication of user in Grails filter using Shiro

Sam Carr
I solve this irritation by implementing the "remember me" checkbox in my login form (easy courtesy of Spring security plugin) and using it as required. Obviously for some projects that won't be allowable though.

On 27 Jul 2011, at 15:28, rosenfeld <[hidden email]> wrote:

> Hi, it's very boring that every time I modify my domain classes the framework
> is restarted and I lose my login session.
>
> I would like to be able to automatically authenticate as a specific user in
> development mode in my authentication filters, instead of redirecting me to
> the login page.
>
> I'm new to Shiro though. Any idea of how to implement this using Shiro?
>
> Thanks in advance!
>
> P.S: Also this is my first post in this list :)
>
> --
> View this message in context: http://grails.1312388.n4.nabble.com/Forcing-authentication-of-user-in-Grails-filter-using-Shiro-tp3698679p3698679.html
> Sent from the Grails - user mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forcing authentication of user in Grails filter using Shiro

rosenfeld
In reply to this post by rosenfeld
Well, I found what I wanted by myself:

import org.apache.shiro.SecurityUtils

import org.apache.shiro.authc.UsernamePasswordToken
import grails.util.Environment

//filters = { ...
before = {

   if (Environment.current.name == 'development' && !SecurityUtils.subject.principal)
                SecurityUtils.subject.login(new UsernamePasswordToken('admin', 'password'))
   //...
}

----- Mensagem original -----
De: rosenfeld <[hidden email]>
Para: [hidden email]
Cc:
Enviadas: Quarta-feira, 27 de Julho de 2011 11:28
Assunto: [grails-user] Forcing authentication of user in Grails filter using Shiro

Hi, it's very boring that every time I modify my domain classes the framework
is restarted and I lose my login session.

I would like to be able to automatically authenticate as a specific user in
development mode in my authentication filters, instead of redirecting me to
the login page.

I'm new to Shiro though. Any idea of how to implement this using Shiro?

Thanks in advance!

P.S: Also this is my first post in this list :)

--
View this message in context: http://grails.1312388.n4.nabble.com/Forcing-authentication-of-user-in-Grails-filter-using-Shiro-tp3698679p3698679.html
Sent from the Grails - user mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forcing authentication of user in Grails filter using Shiro

rosenfeld
In reply to this post by Sam Carr
Thank you, Sam, but for my development mode the cookies seems to be stored in memory so that the "remember me" feature, which is already enabled in my project anyway, won't work for me.

Em 27-07-2011 11:39, Sam Carr [via Grails] escreveu:
I solve this irritation by implementing the "remember me" checkbox in my login form (easy courtesy of Spring security plugin) and using it as required. Obviously for some projects that won't be allowable though.

On 27 Jul 2011, at 15:28, rosenfeld <[hidden email]> wrote:

> Hi, it's very boring that every time I modify my domain classes the framework
> is restarted and I lose my login session.
>
> I would like to be able to automatically authenticate as a specific user in
> development mode in my authentication filters, instead of redirecting me to
> the login page.
>
> I'm new to Shiro though. Any idea of how to implement this using Shiro?
>
> Thanks in advance!
>
> P.S: Also this is my first post in this list :)
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forcing authentication of user in Grails filter using Shiro

Les Hazlewood-2
If you enable Shiro's native sessions and use the Shiro ehcache
support, sessions will be persisted to disk by default - you can start
and stop the container as many times as you want and they won't be
lost.  Sessions will still time-out if they're not accessed during the
timeout period, but you could always set set your particular session
to never time out:

SecurityUtils.getSubject().getSession().setTimeout(-1);

This is another benefit of using Shiro's native sessions instead of
the (default) servlet container sessions.

HTH,

--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

On Wed, Jul 27, 2011 at 9:24 PM, rosenfeld <[hidden email]> wrote:

> Thank you, Sam, but for my development mode the cookies seems to be stored
> in memory so that the "remember me" feature, which is already enabled in my
> project anyway, won't work for me.
>
> Em 27-07-2011 11:39, Sam Carr [via Grails] escreveu:
>
> I solve this irritation by implementing the "remember me" checkbox in my
> login form (easy courtesy of Spring security plugin) and using it as
> required. Obviously for some projects that won't be allowable though.
>
> On 27 Jul 2011, at 15:28, rosenfeld <[hidden email]> wrote:
>
>> Hi, it's very boring that every time I modify my domain classes the
>> framework
>> is restarted and I lose my login session.
>>
>> I would like to be able to automatically authenticate as a specific user
>> in
>> development mode in my authentication filters, instead of redirecting me
>> to
>> the login page.
>>
>> I'm new to Shiro though. Any idea of how to implement this using Shiro?
>>
>> Thanks in advance!
>>
>> P.S: Also this is my first post in this list :)
>>
>
>
> ________________________________
> View this message in context: Re: Forcing authentication of user in Grails
> filter using Shiro
> Sent from the Grails - user mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forcing authentication of user in Grails filter using Shiro

rosenfeld
Great Les! Thank you.

The only problem is that I have no idea how to do that... :P

Where can I find those instructions?

Best regards,

Rodrigo.

Em 28-07-2011 16:48, Les Hazlewood-2 [via Grails] escreveu:
If you enable Shiro's native sessions and use the Shiro ehcache
support, sessions will be persisted to disk by default - you can start
and stop the container as many times as you want and they won't be
lost.  Sessions will still time-out if they're not accessed during the
timeout period, but you could always set set your particular session
to never time out:

SecurityUtils.getSubject().getSession().setTimeout(-1);

This is another benefit of using Shiro's native sessions instead of
the (default) servlet container sessions.

HTH,

--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

On Wed, Jul 27, 2011 at 9:24 PM, rosenfeld <[hidden email]> wrote:

> Thank you, Sam, but for my development mode the cookies seems to be stored
> in memory so that the "remember me" feature, which is already enabled in my
> project anyway, won't work for me.
>
> Em 27-07-2011 11:39, Sam Carr [via Grails] escreveu:
>
> I solve this irritation by implementing the "remember me" checkbox in my
> login form (easy courtesy of Spring security plugin) and using it as
> required. Obviously for some projects that won't be allowable though.
>
> On 27 Jul 2011, at 15:28, rosenfeld <[hidden email]> wrote:
>
>> Hi, it's very boring that every time I modify my domain classes the
>> framework
>> is restarted and I lose my login session.
>>
>> I would like to be able to automatically authenticate as a specific user
>> in
>> development mode in my authentication filters, instead of redirecting me
>> to
>> the login page.
>>
>> I'm new to Shiro though. Any idea of how to implement this using Shiro?
>>
>> Thanks in advance!
>>
>> P.S: Also this is my first post in this list :)
>>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forcing authentication of user in Grails filter using Shiro

pledbrook
> Great Les! Thank you.
>
> The only problem is that I have no idea how to do that... :P

Add

    security.shiro.session.mode="native"

to your Config.groovy file.

> Where can I find those instructions?

Erm...web search at the moment I'm afraid. If anyone wants to
contribute to a user guide, I'm happy to help.

Peter

--
Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Forcing authentication of user in Grails filter using Shiro

rosenfeld
Thank you, Peter. But, actually, this alone didn't work for me.

Here is what I tried:

- added this setting to Config.groovy
- started the application
- authenticated myself (it doesn't matter if I use the "remember me"
feature of Shiro or not, the effect is the same)
- restarted the application
- the application forgot my session and is asking for my credentials again

Any idea?

Thanks agains!

Rodrigo.

Em 29-07-2011 04:24, pledbrook [via Grails] escreveu:

> > Great Les! Thank you.
> >
> > The only problem is that I have no idea how to do that... :P
>
> Add
>
>     security.shiro.session.mode="native"
>
> to your Config.groovy file.
>
> > Where can I find those instructions?
>
> Erm...web search at the moment I'm afraid. If anyone wants to
> contribute to a user guide, I'm happy to help.
>
> Peter
>
> --
> Peter Ledbrook
> Grails Advocate
> SpringSource - A Division of VMware

Loading...