Quantcast
Grails Grails - user

Migrating Acegi plugin to new Security plugin

classic Classic list List threaded Threaded
11 messages Options
lubosp
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Migrating Acegi plugin to new Security plugin

lubosp
Hi all,

I have just successfully migrated Acegi plugin to new Security plugin. In case some else will go through the same process, here are my notes.

Burt, thanks for the new plugin and very good documentation. Feel free to take these notes, edit them and add them to the plugin doc if you wish.

* Create bookstore tutorial project, get files from the tutorial project (login, logout, user, role)

* Uninstall plugin acegi, install plugin spring-security-core

* Replace authenticateService with springSecurityService

* When creating user use UserRole.create user, role, true instead of user.addToAuthorities

* Edit Config.groovy:

grails.plugins.springsecurity.userLookup.userDomainClassName = '...User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = '...UserRole'
grails.plugins.springsecurity.authority.className = '...Role'

* To get currently logged user:

instead of:
    def currUser = authenticateService.userDomain()
use:
        springSecurityService.principal
       
* Remove SecurityConfig.groovy

* Replace authenticateService.ifAnyGranted with SpringSecurityUtils.ifAnyGranted, it is not springSecurityService, it is static SpringSecurityUtils

* Replace:
import org.codehaus.groovy.grails.plugins.springsecurity.Secured
with
import grails.plugins.springsecurity.Secured

* Edit/replace LoginController from tutorial
* Edit/replace LogoutController from tutorial
* Edit/replace RoleController from tutorial
* Edit/replace domain classes User, Role, UserRole from tutorial

* Replace @Secured(['ROLE_ANONYMOUS']) with @Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])

* In *.gsp files:

* Replace <g:ifAnyGranted role=...> with <sec:ifAnyGranted roles=...>, note role attribute changed to roles

* Replace <g:set var="username" value="${loggedInUserInfo(field:'username')}" /> with <g:set var="username"><sec:username/></g:set>
* Replace ${loggedInUserInfo(field:'username')} with <sec:username/>

* Replace <g:isNotLoggedIn> with <sec:ifNotLoggedIn>, note change of is... to if...
* Replace <g:isLoggedIn> with <sec:ifLoggedIn>, note change of is... to if...
burtbeckwith
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

burtbeckwith
Thanks, this is very useful info - I'll add it to the docs.

Burt

>
> Hi all,
>
> I have just successfully migrated Acegi plugin to new Security plugin. In
> case some else will go through the same process, here are my notes.
>
> Burt, thanks for the new plugin and very good documentation. Feel free to
> take these notes, edit them and add them to the plugin doc if you wish.
>
> * Create bookstore tutorial project, get files from the tutorial project
> (login, logout, user, role)
>
> * Uninstall plugin acegi, install plugin spring-security-core
>
> * Replace authenticateService with springSecurityService
>
> * When creating user use UserRole.create user, role, true instead of
> user.addToAuthorities
>
> * Edit Config.groovy:
>
> grails.plugins.springsecurity.userLookup.userDomainClassName = '...User'
> grails.plugins.springsecurity.userLookup.authorityJoinClassName =
> '...UserRole'
> grails.plugins.springsecurity.authority.className = '...Role'
>
> * To get currently logged user:
>
> instead of:
>     def currUser = authenticateService.userDomain()
> use:
> springSecurityService.principal
>
> * Remove SecurityConfig.groovy
>
> * Replace authenticateService.ifAnyGranted with
> SpringSecurityUtils.ifAnyGranted, it is not springSecurityService, it is
> static SpringSecurityUtils
>
> * Replace:
> import org.codehaus.groovy.grails.plugins.springsecurity.Secured
> with
> import grails.plugins.springsecurity.Secured
>
> * Edit/replace LoginController from tutorial
> * Edit/replace LogoutController from tutorial
> * Edit/replace RoleController from tutorial
> * Edit/replace domain classes User, Role, UserRole from tutorial
>
> * Replace @Secured(['ROLE_ANONYMOUS']) with
> @Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])
>
> * In *.gsp files:
>
> * Replace <g:ifAnyGranted role=...> with <sec:ifAnyGranted roles=...>, note
> role attribute changed to roles
>
> * Replace <g:set var="username"
> value="${loggedInUserInfo(field:'username')}" /> with <g:set
> var="username"><sec:username/></g:set>
> * Replace ${loggedInUserInfo(field:'username')} with <sec:username/>
>
> * Replace <g:isNotLoggedIn> with <sec:ifNotLoggedIn>, note change of is...
> to if...
> * Replace <g:isLoggedIn> with <sec:ifLoggedIn>, note change of is... to
> if...
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
bkane
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

bkane
Hi there,

I've been working though the migration as well.  This has been very helpful, as are the docs that Burt has put together.  I think I'm 95% of the way there and everything has gone smoothly so far.

The only problem is where I have syntax like this in my GSPs:

${loggedInUserInfo(field:'firstName')} 

It seems I am unable to access fields from my User domain class using this syntax.  This worked with acegi, so I figured it would work here as well.  Is there a standard way to do this with the new plugin? 

There aren't that many places in my app where I access fields I've added to the User domain class, and the app isn't in production yet, so I'm happy to change it if there is a better way.

Thanks!

Brandon

On Thu, Jul 15, 2010 at 12:47 PM, Burt Beckwith <[hidden email]> wrote:
Thanks, this is very useful info - I'll add it to the docs.

Burt

>
> Hi all,
>
> I have just successfully migrated Acegi plugin to new Security plugin. In
> case some else will go through the same process, here are my notes.
>
> Burt, thanks for the new plugin and very good documentation. Feel free to
> take these notes, edit them and add them to the plugin doc if you wish.
>
> * Create bookstore tutorial project, get files from the tutorial project
> (login, logout, user, role)
>
> * Uninstall plugin acegi, install plugin spring-security-core
>
> * Replace authenticateService with springSecurityService
>
> * When creating user use UserRole.create user, role, true instead of
> user.addToAuthorities
>
> * Edit Config.groovy:
>
> grails.plugins.springsecurity.userLookup.userDomainClassName = '...User'
> grails.plugins.springsecurity.userLookup.authorityJoinClassName =
> '...UserRole'
> grails.plugins.springsecurity.authority.className = '...Role'
>
> * To get currently logged user:
>
> instead of:
>     def currUser = authenticateService.userDomain()
> use:
>       springSecurityService.principal
>
> * Remove SecurityConfig.groovy
>
> * Replace authenticateService.ifAnyGranted with
> SpringSecurityUtils.ifAnyGranted, it is not springSecurityService, it is
> static SpringSecurityUtils
>
> * Replace:
> import org.codehaus.groovy.grails.plugins.springsecurity.Secured
> with
> import grails.plugins.springsecurity.Secured
>
> * Edit/replace LoginController from tutorial
> * Edit/replace LogoutController from tutorial
> * Edit/replace RoleController from tutorial
> * Edit/replace domain classes User, Role, UserRole from tutorial
>
> * Replace @Secured(['ROLE_ANONYMOUS']) with
> @Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])
>
> * In *.gsp files:
>
> * Replace <g:ifAnyGranted role=...> with <sec:ifAnyGranted roles=...>, note
> role attribute changed to roles
>
> * Replace <g:set var="username"
> value="${loggedInUserInfo(field:'username')}" /> with <g:set
> var="username"><sec:username/></g:set>
> * Replace ${loggedInUserInfo(field:'username')} with <sec:username/>
>
> * Replace <g:isNotLoggedIn> with <sec:ifNotLoggedIn>, note change of is...
> to if...
> * Replace <g:isLoggedIn> with <sec:ifLoggedIn>, note change of is... to
> if...
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email
burtbeckwith
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

burtbeckwith
The tag should probably support that, but not directly. The Acegi plugin's tag assumes that there's a User/Person domain class instance attached to the principal, but I removed that when creating the new plugin since it pollutes the sessions. Instead I added the user's id to the principal to make retrieving the user simple.

The new plugin's tag also works if there's a 'userDomain' property in the principal but you'd have to add that yourself, and I wouldn't recommend doing that.

To get this working now you'd need to combine the logged-in check and getting the user from the database, so I'd put the user in the model in the controller:

   def someAction = {
      ...
      def user = springSecurityService.isLoggedIn() ? User.get(springSecurityService.principal.id) : null
      [foo: bar, user: user, ...]
   }

and then in the GSP access the data as

   ${user?.firstName?.encodeAsHTML()}

which will render nothing if not logged in since the user will be null.

If there's interest I could add a 'fromDb=true' attribute to the loggedInUserInfo tag so you could call

   ${sec.loggedInUserInfo(field:'firstName', fromDb: true)}

or

   <sec:loggedInUserInfo field='firstName' fromDb='${true}'/>

Burt

> Hi there,
>
> I've been working though the migration as well.  This has been very helpful,
> as are the docs that Burt has put together.  I think I'm 95% of the way
> there and everything has gone smoothly so far.
>
> The only problem is where I have syntax like this in my GSPs:
>
> ${loggedInUserInfo(field:'firstName')}
>
> It seems I am unable to access fields from my User domain class using this
> syntax.  This worked with acegi, so I figured it would work here as well.
>  Is there a standard way to do this with the new plugin?
>
> There aren't that many places in my app where I access fields I've added to
> the User domain class, and the app isn't in production yet, so I'm happy to
> change it if there is a better way.
>
> Thanks!
>
> Brandon
>
> On Thu, Jul 15, 2010 at 12:47 PM, Burt Beckwith <[hidden email]>wrote:
>
> > Thanks, this is very useful info - I'll add it to the docs.
> >
> > Burt
> >
> > >
> > > Hi all,
> > >
> > > I have just successfully migrated Acegi plugin to new Security plugin. In
> > > case some else will go through the same process, here are my notes.
> > >
> > > Burt, thanks for the new plugin and very good documentation. Feel free to
> > > take these notes, edit them and add them to the plugin doc if you wish.
> > >
> > > * Create bookstore tutorial project, get files from the tutorial project
> > > (login, logout, user, role)
> > >
> > > * Uninstall plugin acegi, install plugin spring-security-core
> > >
> > > * Replace authenticateService with springSecurityService
> > >
> > > * When creating user use UserRole.create user, role, true instead of
> > > user.addToAuthorities
> > >
> > > * Edit Config.groovy:
> > >
> > > grails.plugins.springsecurity.userLookup.userDomainClassName = '...User'
> > > grails.plugins.springsecurity.userLookup.authorityJoinClassName =
> > > '...UserRole'
> > > grails.plugins.springsecurity.authority.className = '...Role'
> > >
> > > * To get currently logged user:
> > >
> > > instead of:
> > >     def currUser = authenticateService.userDomain()
> > > use:
> > >       springSecurityService.principal
> > >
> > > * Remove SecurityConfig.groovy
> > >
> > > * Replace authenticateService.ifAnyGranted with
> > > SpringSecurityUtils.ifAnyGranted, it is not springSecurityService, it is
> > > static SpringSecurityUtils
> > >
> > > * Replace:
> > > import org.codehaus.groovy.grails.plugins.springsecurity.Secured
> > > with
> > > import grails.plugins.springsecurity.Secured
> > >
> > > * Edit/replace LoginController from tutorial
> > > * Edit/replace LogoutController from tutorial
> > > * Edit/replace RoleController from tutorial
> > > * Edit/replace domain classes User, Role, UserRole from tutorial
> > >
> > > * Replace @Secured(['ROLE_ANONYMOUS']) with
> > > @Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])
> > >
> > > * In *.gsp files:
> > >
> > > * Replace <g:ifAnyGranted role=...> with <sec:ifAnyGranted roles=...>,
> > note
> > > role attribute changed to roles
> > >
> > > * Replace <g:set var="username"
> > > value="${loggedInUserInfo(field:'username')}" /> with <g:set
> > > var="username"><sec:username/></g:set>
> > > * Replace ${loggedInUserInfo(field:'username')} with <sec:username/>
> > >
> > > * Replace <g:isNotLoggedIn> with <sec:ifNotLoggedIn>, note change of
> > is...
> > > to if...
> > > * Replace <g:isLoggedIn> with <sec:ifLoggedIn>, note change of is... to
> > > if...
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this list, please visit:
> >
> >    http://xircles.codehaus.org/manage_email
> >
> >
> >
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
bkane
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

bkane
I can't speak for others, but in my case this is fine.  There are only a handful of places where I use other attributes, so I'll probably only need to update one or two controllers, and it is a simple change.

I'd say since there is a simple solution that works perfectly well and separates things nicely, don't spend your time adding support for the tag.  I'm sure there are other things we'd all rather have you focusing on.  :)

Thanks for the help Burt, much appreciated!

Brandon

On Mon, Aug 16, 2010 at 1:41 PM, Burt Beckwith <[hidden email]> wrote:
The tag should probably support that, but not directly. The Acegi plugin's tag assumes that there's a User/Person domain class instance attached to the principal, but I removed that when creating the new plugin since it pollutes the sessions. Instead I added the user's id to the principal to make retrieving the user simple.

The new plugin's tag also works if there's a 'userDomain' property in the principal but you'd have to add that yourself, and I wouldn't recommend doing that.

To get this working now you'd need to combine the logged-in check and getting the user from the database, so I'd put the user in the model in the controller:

  def someAction = {
     ...
     def user = springSecurityService.isLoggedIn() ? User.get(springSecurityService.principal.id) : null
     [foo: bar, user: user, ...]
  }

and then in the GSP access the data as

  ${user?.firstName?.encodeAsHTML()}

which will render nothing if not logged in since the user will be null.

If there's interest I could add a 'fromDb=true' attribute to the loggedInUserInfo tag so you could call

  ${sec.loggedInUserInfo(field:'firstName', fromDb: true)}

or

  <sec:loggedInUserInfo field='firstName' fromDb='${true}'/>

Burt

> Hi there,
>
> I've been working though the migration as well.  This has been very helpful,
> as are the docs that Burt has put together.  I think I'm 95% of the way
> there and everything has gone smoothly so far.
>
> The only problem is where I have syntax like this in my GSPs:
>
> ${loggedInUserInfo(field:'firstName')}
>
> It seems I am unable to access fields from my User domain class using this
> syntax.  This worked with acegi, so I figured it would work here as well.
>  Is there a standard way to do this with the new plugin?
>
> There aren't that many places in my app where I access fields I've added to
> the User domain class, and the app isn't in production yet, so I'm happy to
> change it if there is a better way.
>
> Thanks!
>
> Brandon
>
> On Thu, Jul 15, 2010 at 12:47 PM, Burt Beckwith <[hidden email]>wrote:
>
> > Thanks, this is very useful info - I'll add it to the docs.
> >
> > Burt
> >
> > >
> > > Hi all,
> > >
> > > I have just successfully migrated Acegi plugin to new Security plugin. In
> > > case some else will go through the same process, here are my notes.
> > >
> > > Burt, thanks for the new plugin and very good documentation. Feel free to
> > > take these notes, edit them and add them to the plugin doc if you wish.
> > >
> > > * Create bookstore tutorial project, get files from the tutorial project
> > > (login, logout, user, role)
> > >
> > > * Uninstall plugin acegi, install plugin spring-security-core
> > >
> > > * Replace authenticateService with springSecurityService
> > >
> > > * When creating user use UserRole.create user, role, true instead of
> > > user.addToAuthorities
> > >
> > > * Edit Config.groovy:
> > >
> > > grails.plugins.springsecurity.userLookup.userDomainClassName = '...User'
> > > grails.plugins.springsecurity.userLookup.authorityJoinClassName =
> > > '...UserRole'
> > > grails.plugins.springsecurity.authority.className = '...Role'
> > >
> > > * To get currently logged user:
> > >
> > > instead of:
> > >     def currUser = authenticateService.userDomain()
> > > use:
> > >       springSecurityService.principal
> > >
> > > * Remove SecurityConfig.groovy
> > >
> > > * Replace authenticateService.ifAnyGranted with
> > > SpringSecurityUtils.ifAnyGranted, it is not springSecurityService, it is
> > > static SpringSecurityUtils
> > >
> > > * Replace:
> > > import org.codehaus.groovy.grails.plugins.springsecurity.Secured
> > > with
> > > import grails.plugins.springsecurity.Secured
> > >
> > > * Edit/replace LoginController from tutorial
> > > * Edit/replace LogoutController from tutorial
> > > * Edit/replace RoleController from tutorial
> > > * Edit/replace domain classes User, Role, UserRole from tutorial
> > >
> > > * Replace @Secured(['ROLE_ANONYMOUS']) with
> > > @Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])
> > >
> > > * In *.gsp files:
> > >
> > > * Replace <g:ifAnyGranted role=...> with <sec:ifAnyGranted roles=...>,
> > note
> > > role attribute changed to roles
> > >
> > > * Replace <g:set var="username"
> > > value="${loggedInUserInfo(field:'username')}" /> with <g:set
> > > var="username"><sec:username/></g:set>
> > > * Replace ${loggedInUserInfo(field:'username')} with <sec:username/>
> > >
> > > * Replace <g:isNotLoggedIn> with <sec:ifNotLoggedIn>, note change of
> > is...
> > > to if...
> > > * Replace <g:isLoggedIn> with <sec:ifLoggedIn>, note change of is... to
> > > if...
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this list, please visit:
> >
> >    http://xircles.codehaus.org/manage_email
> >
> >
> >
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email
thomasbee
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

thomasbee
Hi,

what's the simplest way to use a plain text password encoder in the new Spring Security Core plugin? In the Acegi Plugin, adding something like this in resources.groovy worked: 


beans = {
	passwordEncoder(org.springframework.security.providers.encoding.PlaintextPasswordEncoder) {
	}

but now I cannot resolve this class anymore, and also, the configuration might be wrong. I have seen that the core security plugin comes with the DigestAuthPasswordEncoder.java source. Do I have to manually add the (Java) Spring Security Library to the dependencies and import from there?

Or should I implement my own AuthenticationProvider class?

Thanks

.t
burtbeckwith
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

burtbeckwith
Several packages changed from Spring Security 2.0 to 3.0, so this is what you'd use in the new plugin:

   import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder

   beans = {
      passwordEncoder(PlaintextPasswordEncoder)
   }

You don't want to use DigestAuthPasswordEncoder unless you're using Digest authentication (similar to Basic auth).

Burt

>
> Hi,
>
> what's the simplest way to use a plain text password encoder in the new
> Spring Security Core plugin? In the Acegi Plugin, adding something like this
> in resources.groovy worked:
>
>
>
> beans = {
>
> passwordEncoder(org.springframework.security.providers.encoding.PlaintextPasswordEncoder)
> {
> }
>
>
> but now I cannot resolve this class anymore, and also, the configuration
> might be wrong. I have seen that the core security plugin comes with the
> DigestAuthPasswordEncoder.java source. Do I have to manually add the (Java)
> Spring Security Library to the dependencies and import from there?
>
> Thanks
>
> .t
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email
thomasbee
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

thomasbee
Works perfectly. Thanks so much, Burt.
cleorbete
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

cleorbete
This post was updated on .
CONTENTS DELETED
The author has deleted this message.
randyjones
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Migrating Acegi plugin to new Security plugin

randyjones
In reply to this post by lubosp
I had a bunch of users which had been configured with the old Spring Security so before making changes to User and after adding UserRole I ran the following to convert my existing roles.

    def migrateRoles = {
        for (User user: User.all) {
            for (Role role: user.authorities) {
                if (UserRole.findByUserAndRole(user, role) == null) {
                    UserRole.create(user, role, true)
                    log.info "Created for ${user.userRealName} role: ${role.authority}"
                }
            }
        }
        render "done"
    }
sd
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Atmosphere plugin with Redis

sd
I'm just getting started with Atmosphere and see that the Redis broadcaster is something new when dealing with clusters.

The examples I have seen appear to be pretty limited, they say basically all you need to do is inject the RedisBroadcaster and use it. I have not used Redis before but I'm assuming you have to do things like setup a Redis server and configure the client etc.

I have also not seen any examples of clustering Atmosphere with the Grails plugin.

Does anyone have a link or point me to a decent writeup or example of using Redis with the Grails Atmosphere plugin?

Thanks
Loading...
Powered by Nabble Edit this page