The JSecurity plugin for Grails simplifies some of the tasks related to application security.
Ref: http://grails.org/JSecurity+Plugin
If installed correctly, it adds a few domain classes and an AuthController to your application.
This topic will be helpful if you have successfully installed the JSecurity plugin and are trying to explore more about its usage.
The following domain classes are added.
1. JsecUser
2. JsecRole
3. JsecPermission
etc
There is one controller "AuthController" added to your list of controllers.
If Grails is installed on your local machine and your server is running on port 8080, you can invoke this controller using
http://localhost:8080/myApp/auth
We do not have to call this explicitly. Whenever there is a request for a URL that is protected by JSecurity, as configured in the "SecurityFilters", the controller is invoked automatically. (Refer to the plugin documentation.)
The BootStrap.groovy installation script can be used to define the initial set of users.
However, we would like to give certain privileged users (Admin) the flexibility to add more users through the user interface. The default controllers and views provided by installing the JSecurity plugin are limited to the "authorization" controller. There may be ways to achieve this, but it is not very clear from the plugin documentation.
We can make use of the domain classes listed above (JsecUser) and create the typical Add, Modify and Delete functions.
Generate controllers and views by running the Grails command generate-all for the domain class JsecUser. The same can be done for JsecUserRoleRel to assign the roles defined in the BootStrap file at the time of installation.
A minor change to JsecUserController is required to hash the password before it is stored: the form submits the plain-text password in the passwordHash field, and it must be replaced with its SHA-1 hex digest before saving.
Insert the highlighted line in the "save" method as given below.
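    import org.jsecurity.crypto.hash.Sha1Hash  // goes at the top of JsecUserController.groovy

    def save = {
        def jsecUserInstance = new JsecUser(params)
        // Inserted line: replace the submitted plain-text password with its SHA-1 hex digest
        jsecUserInstance.passwordHash = new Sha1Hash(jsecUserInstance.passwordHash).toHex()
        if (!jsecUserInstance.hasErrors() && jsecUserInstance.save()) {
            flash.message = "JsecUser ${jsecUserInstance.id} created"
            redirect(action:show,id:jsecUserInstance.id)
        }
        else {
            // Validation or save failed: show the create form again
            render(view:'create',model:[jsecUserInstance:jsecUserInstance])
        }
    }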
A similar change can be made to the "update" method.
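One way to apply the same change to "update", as an added example that is not part of the original post or the plugin's own code. It assumes the scaffolded edit form sends the stored hash back in the passwordHash field when the admin leaves it untouched, so the action only hashes a value that actually changed; otherwise the existing hash would be hashed a second time and the user could no longer log in.

```groovy
import org.jsecurity.crypto.hash.Sha1Hash

class JsecUserController {
    // Other scaffolded actions (list, show, create, edit, save, delete) omitted.

    def update = {
        def jsecUserInstance = JsecUser.get(params.id)
        if (!jsecUserInstance) {
            flash.message = "JsecUser not found with id ${params.id}"
            redirect(action: 'list')
            return
        }

        // Remember the stored hash before data binding overwrites it.
        def storedHash = jsecUserInstance.passwordHash
        jsecUserInstance.properties = params

        def submitted = params.passwordHash
        if (!submitted || submitted == storedHash) {
            // Field left blank or unchanged (assumption: the edit form echoes
            // the stored hash): keep the existing hash, do not re-hash it.
            jsecUserInstance.passwordHash = storedHash
        }
        else {
            // A new plain-text password was entered: store its SHA-1 hex digest,
            // the same transformation used in "save".
            jsecUserInstance.passwordHash = new Sha1Hash(submitted).toHex()
        }

        if (!jsecUserInstance.hasErrors() && jsecUserInstance.save()) {
            flash.message = "JsecUser ${jsecUserInstance.id} updated"
            redirect(action: 'show', id: jsecUserInstance.id)
        }
        else {
            render(view: 'edit', model: [jsecUserInstance: jsecUserInstance])
        }
    }
}
```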