Grails Plugin external authentication

> Hello,
>
> I am writing grails plugin to have forum inside your grails
> application. I would like not to use any internal authentication
> because i believe everyone would have their own implementation how the
> users authenticate. Do you have any suggestions what would be the best
> way to integrate external authentication method? Maybe there is
> existing plugin to see an example?
>
> Edvinas
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>

> The spring security plugin can use the request map approach for securing URL's.
>
> http://www.grails.org/AcegiSecurity+Plugin+-+Securing+URLs
>
> Because URL's are being secured the user will not need to touch the
> source code for your plugin. If the user was using the annotations
> approach (my preferred) then they would need to append to your plugins
> code.
>
> These are just two of the many security approaches available for Grails.
>
> On Mon, Mar 1, 2010 at 3:11 AM, Edvinas Bartkus <[hidden email]> wrote:
>> Hello,
>>
>> I am writing grails plugin to have forum inside your grails
>> application. I would like not to use any internal authentication
>> because i believe everyone would have their own implementation how the
>> users authenticate. Do you have any suggestions what would be the best
>> way to integrate external authentication method? Maybe there is
>> existing plugin to see an example?
>>
>> Edvinas
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>>    http://xircles.codehaus.org/manage_email
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>

>> I believe having clear solution for this situation would be possible
>> to write more great plugins who would provide working parts for the
>> application.
>>
>> My idea is to have an interface that must be implemented to have the
>> plugin working. Interface would require to have main methods to get
>> current user, to know what is the class of User object and etc.
>> Is there a more convenient over configuration solution?
>
> It has been suggested that Grails has a defined security API that the
> different plugins can implement. That would probably be ideal for you,
> but nothing has been done yet. Any one fancy starting a Security API
> Working Group?
>
> Cheers,
>
> Peter
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>

> Hello,
>
> I am writing grails plugin to have forum inside your grails
> application. I would like not to use any internal authentication
> because i believe everyone would have their own implementation how the
> users authenticate. Do you have any suggestions what would be the best
> way to integrate external authentication method? Maybe there is
> existing plugin to see an example?
>
> Edvinas
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>

> You might have a look at the Taggable, Rateable or Commentable plugins.
>
> These plugins use a  closure to evaluate the current user.  You could
> use the same approach in your plugin
>
> (That is until there is a defined security api)
>
> On Sun, Feb 28, 2010 at 9:11 AM, Edvinas Bartkus <[hidden email]> wrote:
>> Hello,
>>
>> I am writing grails plugin to have forum inside your grails
>> application. I would like not to use any internal authentication
>> because i believe everyone would have their own implementation how the
>> users authenticate. Do you have any suggestions what would be the best
>> way to integrate external authentication method? Maybe there is
>> existing plugin to see an example?
>>
>> Edvinas
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>>    http://xircles.codehaus.org/manage_email
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>

> Marc Palmer wrote:
>>
>> My view on this, from a previous post:
>>
>> http://www.pubbs.net/grails/200910/34895/
>>  
>
> I agree, being overly prescriptive ends up annoying too many people, in addition to complicating the core.
>
>
>
>>    def securityDelegate = [
>>        getUserName : { -> "unknown" },
>>        getUserEmail : { -> "unknown@localhost" },
>>        getUserPrincipal : { -> [id:'unknown', name:'unknown', email:"unknown@localhost"] },
>>        getUserRoles: { -> ['ROLE_ADMIN'] }
>>    ]
>>  
>
> So would the delegate simply be injected via Spring, or whatever metaclass mechanism Grails uses for things like errors objects?
> How are you handling authorization hooks or is it a simple hasRole(role)?
>

>> It would open doors for richer grails plugins for sure. However, is it
>> possible to have such an API and would other security plugins accept
>> the API?
>>
>> As I understand it is the big inner Grails thing and only possible
>> with core team support. What were the pros and cons?
>
> I don't believe that development of a security API requires the
> involvement of the core Grails team. All you really want is a standard
> specification split between authentication and authorisation that fits
> the needs of 80% of users. Security plugins could then implement
> either the authentication part, the authorisation part, or both.
>
> Of course, if someone gets this ball rolling, you'll need the
> involvement of the main security plugin authors: Burt Beckwith, Marc
> Palmer, and myself. If I missed anyone of that list, apologies.
>
> I suggest potential discussions take part on the grails-dev list with,
> say "WG-SEC" in the subject, or something like that.
>

>
> On 1 Mar 2010, at 16:00, Peter Ledbrook wrote:
>
>>> It would open doors for richer grails plugins for sure. However, is it
>>> possible to have such an API and would other security plugins accept
>>> the API?
>>>
>>> As I understand it is the big inner Grails thing and only possible
>>> with core team support. What were the pros and cons?
>>
>> I don't believe that development of a security API requires the
>> involvement of the core Grails team. All you really want is a standard
>> specification split between authentication and authorisation that fits
>> the needs of 80% of users. Security plugins could then implement
>> either the authentication part, the authorisation part, or both.
>>
>> Of course, if someone gets this ball rolling, you'll need the
>> involvement of the main security plugin authors: Burt Beckwith, Marc
>> Palmer, and myself. If I missed anyone of that list, apologies.
>>
>> I suggest potential discussions take part on the grails-dev list with,
>> say "WG-SEC" in the subject, or something like that.
>>
>
> I agree with the sentiment about a convention, but I disagree that grails core should not be involved.
>
> Out of the box grails should provide dynamic methods/properties to access auth information, and util classes for accessing it according to the contract specification we come up with, from outside artefacts.
>
> Eg controllers could have the following added dynamically by a "grails-auth" core plugin:
>
> r/o property: userName
> r/o property: userEmail
> r/o property: userRoles
> r/o property: userPrincipal
>
> method: userLogOut()
> method: userIsPermitted(somePermissionObject, Closure = null)
>
> Other artefacts/classes would be able to access these via an AuthenticationDataHolder that hides the details of how this stuff is provided by the underlying plugin implementing it all.
>
> By putting the impl for this in grails we make the specification solid and avoid problems with divergent implementations - if you don't supply the right info to the core grails code, then -you- are broken. :)
>
> This also means that any such helper code is safely in the org.grails namespace etc.
>
> My $0.02
>
> Marc
> ~ ~ ~
> Marc Palmer
> Blog         > http://www.anyware.co.uk
> Twitter      > http://twitter.com/wangjammer5
> Grails Rocks > http://www.grailsrocks.com
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>
>