Grails Integration Plugin
Now a Grails Plugin
In order to have first-class integration with Grails, I have moved all the development to Codehaus. Please visit the plugin page for all the latest info.
For the Codegeist Judges
For the purposes of Codegeist, I am copying the current Codehaus wiki page here. Additionally, a copy of the Grails project (containing all sources, etc.) for the plugin CODEGEIST:is attached, and a screenshot of the default login screen (woo!) is at the bottom of the page.
Table of Contents
- CODEGEIST:Table of Contents
- CODEGEIST:Issue Tracking
Sure, you can wire up Grails with Acegi and the new Crowd-Acegi integration APIs released with v1.3, as Katie has done here, but that is way too much work. This Grails plugin has no dependency on Acegi, and talks to Crowd directly for its authentication and authorization requirements. The plugin borrows ideas from Grails Authorize for the simple auth/auth configuration, and from Grails Acegi for a GSP taglib.
The plugin provides a Grails webapp with simple hooks for Grails controllers and actions to require authentication and authorization. Pages requiring authentication will redirect a non-authenticated user to a supplied Login controller (with a customizable view). Logouts are handled by a supplied Logout controller. Authentication is fully integrated with Crowd's single sign-on capabilities; if a user is already logged into Crowd, the user will be authenticated to the webapp automatically.
Pages requiring authorization will return to a non-authorized user a http
503 FORBIDDEN error. The logic and/or view handling that error is also fully customizable within Grails.
The plugin also provides some Grails tag libraries to manipulate views depending on: whether the user is authenticated, and whether the user is authorized, and at what level. A tag library to easily grab information about the currently authenticated user is provided. As well, a tag library is provided for easily retrieving
SOAPAttribute values from a Crowd
Finally, several utility classes provide the same functionality of the tag libraries in Groovy code. This is very useful for logic written in the controller and service areas.
This is BETA SOFTWARE. There are bound to be some issues. The plugin shouldn't eat your app, but make a backup anyway. Bug fixes welcome!
The plugin requires an Atlassian Crowd server, running version 1.3. You will need to configure an application within Crowd. Don't forget to specify the remote IP address. That gets me every time
Install and Configure the Plugin
- Install the into a Grails webapp:
- When installing, choose 'y' when asked to add the following configuration to your Grails webapp Config.groovy: A list of all the configurable options (along with the default) is listed in PROJECT_ROOT/grails-app/conf/CrowdAuthConfig.groovy.
- When installing, choose 'y' when asked to add default internationalization messages to your Grails webapp PROJECT_ROOT/grails-app/i18n/messages.properties.
Further localizations will be added as they are created. Submissions welcome!
- If you are using Grails 1.0.2 (possibly earlier), this bug (fixed in 1.0.3, whenever that arrives) requires you to copy the default Login view from the Plugin to your webapp:
Secure a Grails Controller or Action
Authentication is defined via the static authenticate variable in your controller
A Boolean will enable or disable authentication for all actions:
An 'only' list with enable authentication only for the listed actions:
An 'except' list with enable authentication for all actions except those listed:
Authorization is defined via the static authorize variable in your controller
A String will require the user belong the Crowd group for all actions:
A List will require the user to belong to all listed Crowd groups for all actions:
A Map will require the user to belong to all listed Crowd groups for specified actions:
crowdAuth:isAuthenticated will render its body if the user is authenticated.
crowdAuth:isNotAuthenticated will render its body if the user is not authenticated.
crowdAuth:authenticatedUserInfo will render information from the Crowd principal speficied in a
property attribute. Valid properties are:
name (full name),
crowdAuth:ifAllGranted will render its body if the user belongs to all of the comma-separated Crowd group/role names specified in a
crowdAuth:ifAnyGranted will render its body if the user belongs to one of the comma-separated Crowd group/role names specified in a
crowdAuth:ifNotAllGranted will render its body if the user does not belong to all of the Crowd group/role names specified in a
crowdAuth:ifNotAnyGranted will render its body if the user does not belong to one of the Crowd group/role names specified in a
crowd:attributeValue will retrieve the first value of the attribute specified in an attribute named
attribute from a
SOAPEntity supplied in an attribute named
There are also some utility classes which provide an API for wrestling with the internals of the plugin:
The tutorial below assume Crowd to have a user named George Harrison who belongs to a group called Guitarists. There should also be some other groups (which George is not a member of) called Bassists, Drummers, and Lead Singers.
Create a Grails webapp:
CODEGEIST:Install and configure the Crowd plugin.
Create the following Grails Controller:
Edit the controller with the following:
Create a new file for the view:
Start your webapp:
In your browser, from the webapp home page, click on HomeController. If you are logged into Crowd already, you have been logged into the application automatically (via Crowd's single sign-on). If not, click on the Login link to be sent to the Login screen. Try logging in. For invalid logins, the error messages are customizable in PROJECT_ROOT/grails-app/i18n/messages.properties. The default messages were copied there on installation. Once logged in, Go back to the HomeController. Note how the screen now says you're logged in and displays some information about the user.
Things to try:
- Change HomeController's authenticate variable to true. This will make the controller automatically redirect you to the Login screen if you are not authenticated.
- Change HomeController's authorize variable to a map requiring a group to which George doesn't belong. The controller will redirect you to a
- Change some of the tags in the view. The text should be rendered only if the conditions of the tag are met.
You get the idea!