SlideShare a Scribd company logo

Hacking the Grails Spring Security Plugins

GR8Conf
GR8Conf

Here are the key steps to create a custom UserDetailsService in Grails Spring Security: 1. Create a class that implements the Spring Security UserDetailsService interface. 2. Override the loadUserByUsername() method to retrieve the user details (usually from the database) based on the username. 3. Return a UserDetails object (like GrailsUser) containing the user's credentials and authorities. 4. Register the custom UserDetailsService bean in resources.groovy, overriding the default. 5. The authentication manager will now use the custom service to retrieve user details during authentication. This allows full customization of how users are loaded from the data store for authentication. The custom service can

TechnologyNews & Politics
1 of 67
Download to read offline
Hacking the Grails Spring  Security Plugins Burt Beckwith SpringSource
CONFIDENTIAL 2
web.xml CONFIDENTIAL 3
web.xml  Spring Security is implemented as a filter chain, so the <filter-mapping> elements are the important ones: • charEncodingFilter • hiddenHttpMethod • grailsWebRequest • springSecurityFilterChain • reloadFilter • sitemesh • urlMapping CONFIDENTIAL 4
web.xml  Spring Security is implemented as a filter chain, so the <filter-mapping> elements are the important ones: • charEncodingFilter • hiddenHttpMethod • grailsWebRequest • springSecurityFilterChain • reloadFilter • sitemesh • urlMapping CONFIDENTIAL 5
web.xml - charEncodingFilter  org.springframework.web.filter.DelegatingFilterProxy  Uses the "characterEncodingFilter" bean (org.springframework.web.filter.CharacterEncodingFilter) defined in applicationContext.xml (the “parent” context)  request.setCharacterEncoding("utf-8");  response.setCharacterEncoding("utf-8"); CONFIDENTIAL 6
web.xml - hiddenHttpMethod  org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter String httpMethod = getHttpMethodOverride(request); filterChain.doFilter( new HttpMethodRequestWrapper(httpMethod, request), response);  <g:form controller="book" method="DELETE">  See section “13.1 REST” in the docs CONFIDENTIAL 7
web.xml - grailsWebRequest  org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter LocaleContextHolder.setLocale(request.getLocale()); GrailsWebRequest webRequest = new GrailsWebRequest( request, response, getServletContext()); configureParameterCreationListeners(webRequest); try { WebUtils.storeGrailsWebRequest(webRequest); // Set the flash scope instance to its next state FlashScope fs = webRequest.getAttributes().getFlashScope(request); fs.next(); filterChain.doFilter(request, response); } finally { webRequest.requestCompleted(); WebUtils.clearGrailsWebRequest(); LocaleContextHolder.setLocale(null); } CONFIDENTIAL 8
web.xml - springSecurityFilterChain  org.springframework.web.filter.DelegatingFilterProxy  Uses the "springSecurityFilterChain" bean defined by the plugin (org.springframework.security.web.FilterChainProxy) CONFIDENTIAL 9
web.xml - springSecurityFilterChain  Typical filter beans: • securityContextPersistenceFilter • logoutFilter • authenticationProcessingFilter • securityContextHolderAwareRequestFilter • rememberMeAuthenticationFilter • anonymousAuthenticationFilter • exceptionTranslationFilter • filterInvocationInterceptor CONFIDENTIAL 10
web.xml - reloadFilter  org.codehaus.groovy.grails.web.servlet.filter.GrailsReloadServletFilter  No longer used in 2.0+  “Copies resources from the source on content change and manages reloading if necessary.” GrailsApplication application = (GrailsApplication)context.getBean( GrailsApplication.APPLICATION_ID); if (!application.isInitialised()) { application.rebuild(); GrailsRuntimeConfigurator config = new GrailsRuntimeConfigurator( application, parent); config.reconfigure(context, getServletContext(), true); } CONFIDENTIAL 11
web.xml - sitemesh  org.codehaus.groovy.grails.web.sitemesh.GrailsPageFilter  Subclass of com.opensymphony.sitemesh.webapp.SiteMeshFilter  Renders Sitemesh templates/layouts CONFIDENTIAL 12
web.xml - urlMapping  org.codehaus.groovy.grails.web.mapping.filter.UrlMappingsFilter  Matches requested url to the correct controller/action/view/error code  Based on mappings in grails-app/conf/UrlMappings.groovy CONFIDENTIAL 13
springSecurityFilterChain CONFIDENTIAL 14
springSecurityFilterChain - securityContextPersistenceFilter  org.springframework.security.web.context.SecurityContextPersistenceFilter  Retrieves the SecurityContext from the HTTP session (under the ”SPRING_SECURITY_CONTEXT” key) or creates a new empty one  Stores the context in the holder: SecurityContextHolder.setContext()  Removes the context after request CONFIDENTIAL 15
springSecurityFilterChain - logoutFilter  org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter  If uri is ”/j_spring_security_logout” calls handler.logout(request, response, auth) for each o.s.s.web.authentication.logout.LogoutHandler and redirects to post- logout url (by default ”/”) CONFIDENTIAL 16
springSecurityFilterChain - authenticationProcessingFilter  org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter (extends o.s.s.web.authentication.UsernamePasswordAuthenticationFilter)  Sets the request and response in the SecurityRequestHolder ThreadLocal fields (custom plugin functionality)  If uri is ”/j_spring_security_check” calls attemptAuthentication() CONFIDENTIAL 17
springSecurityFilterChain - securityContextHolderAwareRequestFilter  o.s.s.web.servletapi.SecurityContextHolderAwareRequestFilter  Configures a request wrapper which implements the servlet API security methods (getRemoteUser, getUserPrincipal, isUserInRole) chain.doFilter(new SecurityContextHolderAwareRequestWrapper( request, rolePrefix), response); CONFIDENTIAL 18
springSecurityFilterChain - rememberMeAuthenticationFilter  o.s.s.web.authentication.rememberme.RememberMeAuthenticationFilter  If not logged in, attempt to login from the remember-me cookie CONFIDENTIAL 19
springSecurityFilterChain - anonymousAuthenticationFilter  o.s.s.web.authentication.AnonymousAuthenticationFilter  If not logged in creates an AnonymousAuthenticationToken and registers it as the Authentication in the SecurityContext https://secure.flickr.com/photos/gaelx/5445598436/ CONFIDENTIAL 20
springSecurityFilterChain - exceptionTranslationFilter  o.s.s.web.access.ExceptionTranslationFilter  Handles AccessDeniedException and AuthenticationException  For AuthenticationException will invoke the authenticationEntryPoint  For AccessDeniedException invoke the authenticationEntryPoint if anonymous, otherwise delegate to o.s.s.web.access.AccessDeniedHandler CONFIDENTIAL 21
springSecurityFilterChain - filterInvocationInterceptor  o.s.s.web.access.intercept.FilterSecurityInterceptor  Determines the o.s.s.access.SecurityConfig collection for the request from FilterInvocationSecurityMetadataSource (AnnotationFilterInvocationDefinition, InterceptUrlMapFilterInvocationDefinition, or RequestmapFilterInvocationDefinition) CONFIDENTIAL 22
springSecurityFilterChain - filterInvocationInterceptor  Delegates to an AccessDecisionManager (org.codehaus.groovy.grails.plugins.springsecurity. AuthenticatedVetoableDecisionManager) to call each registered o.s.s.access.AccessDecisionVoter CONFIDENTIAL 23
springSecurityFilterChain - filterInvocationInterceptor  o.s.s.access.vote.AuthenticatedVoter works with “IS_AUTHENTICATED_FULLY”, “IS_AUTHENTICATED_REMEMBERED”, and “IS_AUTHENTICATED_ANONYMOUSLY” CONFIDENTIAL 24
springSecurityFilterChain - filterInvocationInterceptor  o.s.s.access.vote.RoleHierarchyVoter finds the GrantedAuthority instances from the Authentication, checks for matches with required roles CONFIDENTIAL 25
springSecurityFilterChain - filterInvocationInterceptor  org.codehaus.groovy.grails.plugins.springsecurity. WebExpressionVoter looks for a WebExpressionConfigAttribute and evaluates its expression if found CONFIDENTIAL 26
springSecurityFilterChain - filterInvocationInterceptor Common built-in expressions Expression Description hasRole([role]) Returns true if the current principal has the specified role. hasAnyRole([role1,role2]) Returns true if the current principal has any of the supplied roles (given as a comma-separated list of strings) principal Allows direct access to the principal object representing the current user authentication Allows direct access to the current Authentication object obtained from the SecurityContext permitAll Always evaluates to true denyAll Always evaluates to false isAnonymous() Returns true if the current principal is an anonymous user isRememberMe() Returns true if the current principal is a remember-me user isAuthenticated() Returns true if the user is not anonymous isFullyAuthenticated() Returns true if the user is not an anonymous or a remember-me user CONFIDENTIAL 27
springSecurityFilterChain - filterInvocationInterceptor if (denyCount > 0) { throw new AccessDeniedException("Access is denied"); }  this is caught by the exceptionTranslationFilter  If the Authentication is anonymous, stores a SavedRequest in the HTTP session and calls authenticationEntryPoint.commence( request, response, reason)  The authenticationEntryPoint is an org.codehaus.groovy.grails.plugins.springsecurity. AjaxAwareAuthenticationEntryPoint  This issues a redirect to the login page, by default /login/auth CONFIDENTIAL 28
Customizing the Plugin CONFIDENTIAL 29
Customizing the Plugin Traditional Spring Security uses XML with namespaced beans: <beans:beans xmlns="http://www.springframework.org/schema/security" ...> <http auto-config="true"> <intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> </http> <authentication-manager> <authentication-provider> <jdbc-user-service data-source-ref="dataSource" /> </authentication-provider> </authentication-manager> </beans:beans> CONFIDENTIAL 30
Customizing the Plugin  Simple; not always clear how to customize; many options aren't exposed  In contrast, the plugin explicitly defines every bean  See SpringSecurityCoreGrailsPlugin.groovy for the details CONFIDENTIAL 31
Overriding Beans CONFIDENTIAL 32
Overriding Beans accessDecisionManager filterInvocationInterceptor roleVoter accessDeniedHandler logoutFilter runAsManager anonymousAuthenticationFilter logoutHandlers saltSource anonymousAuthenticationProvider logoutSuccessHandler securityContextHolderAwareRequestFilter authenticatedVoter objectDefinitionSource securityContextLogoutHandler authenticationDetailsSource passwordEncoder securityContextPersistenceFilter authenticationEntryPoint portMapper securityEventListener authenticationEventPublisher portResolver sessionAuthenticationStrategy authenticationFailureHandler postAuthenticationChecks springSecurityFilterChain authenticationManager preAuthenticationChecks tokenRepository authenticationProcessingFilter redirectStrategy userCache authenticationSuccessHandler rememberMeAuthenticationFilter userDetailsService authenticationTrustResolver rememberMeAuthenticationProvider webExpressionHandler authenticationUserDetailsService rememberMeServices webExpressionVoter daoAuthenticationProvider requestCache webInvocationPrivilegeEvaluator exceptionTranslationFilter roleHierarchy CONFIDENTIAL 33
Overriding Beans  Building the Spring ApplicationContext Core plugins Installed plugins resources.groovy CONFIDENTIAL 34
Overriding Beans  Gross oversimplifications: • The ApplicationContext is like a Map; the keys are bean names and the values are bean instances • Defining a bean with the same name as an earlier bean replaces the previous, just like Map.put(key, value) does CONFIDENTIAL 35
Overriding Beans  To change how a bean works: • Subclass the current class • Or subclass a similar class that's closer to what you need • Or implement the interface directly • Then register yours in grails-app/ conf/spring/resources.groovy CONFIDENTIAL 36
Overriding Beans - resources.groovy beans = { saltSource(com.foo.bar.MySaltSource) { // bean properties } userDetailsService(com.foo.bar.MyUserDetailsService) { // bean properties } passwordEncoder(com.foo.bar.MyPasswordEncoder) { // bean properties } } CONFIDENTIAL 37
Customizing Bean Properties CONFIDENTIAL 38
Customizing Bean Properties  In addition to declaring every bean, nearly all properties are configured from default values in the plugin's grails-app/conf/DefaultSecurityConfig.groovy  DO NOT EDIT DefaultSecurityConfig.groovy CONFIDENTIAL 39
Customizing Bean Properties  All properties can be overridden in app's Config.groovy • Be sure to add the grails.plugins.springsecurity prefix  Don't replace a bean if all you need to change is one or more properties CONFIDENTIAL 40
Customizing Bean Properties active dao.hideUserNotFoundExceptions registerLoggerListener successHandler.useReferer adh.ajaxErrorPage dao.reflectionSaltSourceProperty rejectIfNoRule switchUser.exitUserUrl adh.errorPage digest.createAuthenticatedToken rememberMe.alwaysRemember switchUser.switchFailureUrl ajaxHeader digest.key rememberMe.cookieName switchUser.switchUserUrl anon.key digest.nonceValiditySeconds rememberMe.key switchUser.targetUrl anon.userAttribute digest.passwordAlreadyEncoded rememberMe.parameter useBasicAuth apf.allowSessionCreation digest.realmName rememberMe.persistent useDigestAuth apf.continueChainBeforeSuccessfulAuthentication digest.useCleartextPasswords rememberMe.persistentToken.domainClassName useHttpSessionEventPublisher apf.filterProcessesUrl failureHandler.ajaxAuthFailUrl rememberMe.persistentToken.seriesLength userLookup.accountExpiredPropertyName apf.passwordParameter failureHandler.defaultFailureUrl rememberMe.persistentToken.tokenLength userLookup.accountLockedPropertyName apf.postOnly failureHandler.exceptionMappings rememberMe.tokenValiditySeconds userLookup.authoritiesPropertyName apf.usernameParameter failureHandler.useForward rememberMe.useSecureCookie userLookup.authorityJoinClassName atr.anonymousClass filterChain.stripQueryStringFromUrls requestCache.createSession userLookup.enabledPropertyName atr.rememberMeClass interceptUrlMap requestCache.onlyOnGet userLookup.passwordExpiredPropertyName auth.ajaxLoginFormUrl ipRestrictions requestMap.className userLookup.passwordPropertyName auth.forceHttps logout.afterLogoutUrl requestMap.configAttributeField userLookup.userDomainClassName auth.loginFormUrl logout.filterProcessesUrl requestMap.urlField userLookup.usernamePropertyName auth.useForward logout.handlerNames roleHierarchy useSecurityEventListener authenticationDetails.authClass password.algorithm secureChannel.definition useSessionFixationPrevention authority.className password.bcrypt.logrounds securityConfigType useSwitchUserFilter authority.nameField password.encodeHashAsBase64 sessionFixationPrevention.alwaysCreateSession useX509 basic.realmName portMapper.httpPort sessionFixationPrevention.migrate voterNames cacheUsers portMapper.httpsPort successHandler.ajaxSuccessUrl x509.checkForPrincipalChanges controllerAnnotations.lowercase providerManager.eraseCredentialsAfterAuthentication successHandler.alwaysUseDefault x509.continueFilterChainOnUnsuccessfulAuthentication controllerAnnotations.matcher providerNames successHandler.defaultTargetUrl x509.invalidateSessionOnPrincipalChange controllerAnnotations.staticRules redirectStrategy.contextRelative successHandler.targetUrlParameter x509.subjectDnRegex x509.throwExceptionWhenTokenRejected CONFIDENTIAL 41
Customizing Bean Properties grails-app/conf/Config.groovy: grails.plugins.springsecurity.userLookup.userDomainClassName = '…' grails.plugins.springsecurity.userLookup.authorityJoinClassName = '…' grails.plugins.springsecurity.authority.className = '…' grails.plugins.springsecurity.auth.loginFormUrl = '/log-in' grails.plugins.springsecurity.apf.filterProcessesUrl = '/authenticate' grails.plugins.springsecurity.logout.afterLogoutUrl = '/home' grails.plugins.springsecurity.userLookup.usernamePropertyName = 'email' CONFIDENTIAL 42
Customizing Bean Properties  Can also configure beans in BootStrap.groovy, e.g. to avoid redefining a whole bean in resources.groovy just to change one dependency: class BootStrap { def authenticationProcessingFilter def myAuthenticationFailureHandler def init = { servletContext -> authenticationProcessingFilter.authenticationFailureHandler = myAuthenticationFailureHandler } } CONFIDENTIAL 43
Custom UserDetailsService CONFIDENTIAL 44
Custom UserDetailsService  Very common customization  Documented in the plugin docs in section “11 Custom UserDetailsService” CONFIDENTIAL 45
Custom UserDetailsService  General workflow: • Create a custom o.s.s.core.userdetails.UserDetailsService (o.c.g.g.p.s.GrailsUserDetailsService) implementation • Directly implement the interface (best) • or extend org.codehaus.groovy.grails.plugins.springsecurity. GormUserDetailsService (ok, but usually cleaner to implement the interface) CONFIDENTIAL 46
Custom UserDetailsService  General workflow (cont.): • Create a custom implementation of o.s.s.core.userdetails.UserDetails • Extend org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser • or extend o.s.s.core.userdetails.User • or directly implement the interface CONFIDENTIAL 47
Custom UserDetailsService  General workflow (cont.): • Register the bean override in grails-app/conf/spring/resources.groovy: import com.mycompany.myapp.MyUserDetailsService beans = { userDetailsService(MyUserDetailsService) } CONFIDENTIAL 48
Custom AuthenticationProvider CONFIDENTIAL 49
Custom AuthenticationProvider  General workflow: • Create a custom o.s.s.authentication.AuthenticationProvider implementation • Extend one that's similar, e.g. o.s.s.authentication.dao.DaoAuthenticationProvider • or directly implement the interface CONFIDENTIAL 50
Custom AuthenticationProvider  General workflow (cont.): • You'll probably want a custom o.s.s.core.Authentication • Extend an existing implementation, e.g. o.s.s.authentication.UsernamePasswordAuthenticationToken • or directly implement the interface CONFIDENTIAL 51
Custom AuthenticationProvider  General workflow (cont.): • If you're using a custom Authentication, you'll need a filter to create it • Create a custom javax.servlet.Filter implementation • Best to extend org.springframework.web.filter.GenericFilterBean • or one that's similar, e.g. o.s.s.web.authentication.UsernamePasswordAuthenticationFilter • Or directly implement the interface CONFIDENTIAL 52
Custom AuthenticationProvider  Registering the custom classes • If you're replacing functionality, register bean overrides in resources.groovy • If you're adding an alternate authentication option (e.g. for only some URLs) • Register the beans in resources.groovy • Register the provider as described in section “10 Authentication Providers” of the docs • Register the filter in its position as described in section “16 Filters” of the docs CONFIDENTIAL 53
Custom Post-logout Behavior CONFIDENTIAL 54
Custom Post-logout Behavior  Recall that logout is processed by MutableLogoutFilter after request for /j_spring_security_logout  handler.logout(request, response, auth) is called for each LogoutHandler  then redirect to post-logout url (by default ”/”) CONFIDENTIAL 55
Custom Post-logout Behavior  The default LogoutHandler implementations are • o.s.s.web.authentication.rememberme.TokenBasedRememberMeServices • Deletes the remember-me cookie • o.s.s.web.authentication.logout.SecurityContextLogoutHandler • Invalidates the HttpSession • Removes the SecurityContext from the SecurityContextHolder CONFIDENTIAL 56
Custom Post-logout Behavior  Redirect is triggered by • logoutSuccessHandler.onLogoutSuccess(request, response, auth) • LogoutSuccessHandler is an instance of o.s.s.web.authentication.logout.SimpleUrlLogoutSuccessHandler CONFIDENTIAL 57
Custom Post-logout Behavior  To add logic to dynamically determine redirect url: • Subclass SimpleUrlLogoutSuccessHandler • Since the Authentication isn't available in determineTargetUrl, override onLogoutSuccess and set it in a ThreadLocal CONFIDENTIAL 58
Custom Post-logout Behavior  To add logic to dynamically determine redirect url (cont.): private static final ThreadLocal<Authentication> AUTH_HOLDER = new ThreadLocal<Authentication>() … void onLogoutSuccess(...) throws ... { AUTH_HOLDER.set authentication try { super.handle(request, response, authentication) } finally { AUTH_HOLDER.remove() } } CONFIDENTIAL 59
Custom Post-logout Behavior  To add logic to dynamically determine redirect url (cont.): • Override determineTargetUrl protected String determineTargetUrl(...) { Authentication auth = AUTH_HOLDER.get() String url = super.determineTargetUrl(request, response) if (auth instanceof OrganizationAuthentication) { OrganizationAuthentication authentication = auth url = ... } url } CONFIDENTIAL 60
Custom Post-logout Behavior  To add logic to dynamically determine redirect url (cont.): • Redefine the logoutSuccessHandler bean in resources.groovy import com.mycompany.myapp.CustomLogoutSuccessHandler import o.c.g.g.plugins.springsecurity.SpringSecurityUtils beans = { def conf = SpringSecurityUtils.securityConfig logoutSuccessHandler(CustomLogoutSuccessHandler) { redirectStrategy = ref('redirectStrategy') defaultTargetUrl = conf.logout.afterLogoutUrl } } CONFIDENTIAL 61
Customization Overview CONFIDENTIAL 62
Customization Overview  Subclass or replace filters in the chain: • SecurityContextPersistenceFilter • MutableLogoutFilter • RequestHolderAuthenticationFilter (UsernamePasswordAuthenticationFilter) • SecurityContextHolderAwareRequestFilter • RememberMeAuthenticationFilter • AnonymousAuthenticationFilter • ExceptionTranslationFilter • FilterSecurityInterceptor CONFIDENTIAL 63
Customization Overview (cont)  Remove filter(s) from the chain • Not recommended  Add filter(s) to the chain  Add/remove/replace LogoutHandler(s)  Add/remove/replace AccessDecisionVoter(s)  Add/remove/replace AuthenticationProvider(s) CONFIDENTIAL 64
Customization Overview (cont)  Customize a filter or AuthenticationProvider's dependency • e.g. custom UserDetailsService  Don't write code if you can customize properties or BootStrap.groovy  Read the Spring Security documentation • Print the PDF and read it on your commute  Ask for help on the Grails User mailing list CONFIDENTIAL 65
See http://burtbeckwith.com/blog/?p=1090 for a blog post on the previous talk in London CONFIDENTIAL 66
Thank you CONFIDENTIAL 67

Recommended

Fault tolerance in wsn
Fault tolerance in wsnFault tolerance in wsn
Fault tolerance in wsnElham Hormozi
 
Mobility Management
Mobility ManagementMobility Management
Mobility ManagementVivek Purushotham
 
How to connect redis and mule esb using spring data redis module
How to connect redis and mule esb using spring data redis moduleHow to connect redis and mule esb using spring data redis module
How to connect redis and mule esb using spring data redis modulePriyobroto Ghosh (Mule ESB Certified)
 
18CSL58 DBMS LAB Manual.pdf
18CSL58 DBMS LAB Manual.pdf18CSL58 DBMS LAB Manual.pdf
18CSL58 DBMS LAB Manual.pdfSyed Mustafa
 
Moxa Solution for Rail and Transportation Market
Moxa Solution for Rail and Transportation MarketMoxa Solution for Rail and Transportation Market
Moxa Solution for Rail and Transportation MarketEric Lo
 
Static Routing
Static RoutingStatic Routing
Static RoutingSachii Dosti
 
Wireless Network Architecture
Wireless Network ArchitectureWireless Network Architecture
Wireless Network ArchitecturePawandeep Singh
 
Bluetooth Chat
Bluetooth ChatBluetooth Chat
Bluetooth ChatPanchhi Sahu
 

Recommended

Fault tolerance in wsn
Fault tolerance in wsnFault tolerance in wsn
Fault tolerance in wsnElham Hormozi
 
Mobility Management
Mobility ManagementMobility Management
Mobility ManagementVivek Purushotham
 
How to connect redis and mule esb using spring data redis module
How to connect redis and mule esb using spring data redis moduleHow to connect redis and mule esb using spring data redis module
How to connect redis and mule esb using spring data redis modulePriyobroto Ghosh (Mule ESB Certified)
 
18CSL58 DBMS LAB Manual.pdf
18CSL58 DBMS LAB Manual.pdf18CSL58 DBMS LAB Manual.pdf
18CSL58 DBMS LAB Manual.pdfSyed Mustafa
 
Moxa Solution for Rail and Transportation Market
Moxa Solution for Rail and Transportation MarketMoxa Solution for Rail and Transportation Market
Moxa Solution for Rail and Transportation MarketEric Lo
 
Static Routing
Static RoutingStatic Routing
Static RoutingSachii Dosti
 
Wireless Network Architecture
Wireless Network ArchitectureWireless Network Architecture
Wireless Network ArchitecturePawandeep Singh
 
Bluetooth Chat
Bluetooth ChatBluetooth Chat
Bluetooth ChatPanchhi Sahu
 
Wi-Fi based indoor positioning
Wi-Fi based indoor positioningWi-Fi based indoor positioning
Wi-Fi based indoor positioningSherwin Rodrigues
 
Key Technologies for IoT
Key Technologies for IoTKey Technologies for IoT
Key Technologies for IoTBjörn Ekelund
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor networkNeha Kulkarni
 
SCCM Cloud Management Gateway
SCCM Cloud Management Gateway SCCM Cloud Management Gateway
SCCM Cloud Management Gateway Anoop Nair
 
Secure your applications with Azure AD and Key Vault
Secure your applications with Azure AD and Key VaultSecure your applications with Azure AD and Key Vault
Secure your applications with Azure AD and Key VaultDavide Benvegnù
 
Court Case Management System
Court Case Management SystemCourt Case Management System
Court Case Management SystemLahiru Manchanayake
 
Network Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseNetwork Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseThamalsha Wijayarathna
 
CCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationCCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationDsunte Wilson
 
WiFi Technology & IEEE
WiFi Technology & IEEEWiFi Technology & IEEE
WiFi Technology & IEEEvasanthimuniasamy
 
Indoor navigation system
Indoor navigation systemIndoor navigation system
Indoor navigation systemOmkar Paranjape
 
Mobile IP
Mobile IPMobile IP
Mobile IPshankul07
 
Wireless Sensor Network
Wireless Sensor NetworkWireless Sensor Network
Wireless Sensor NetworkMuhammad Farooq Hussain
 
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, MysuruNithin Kumar,VVCE, Mysuru
 
MySQL
MySQLMySQL
MySQLGouthaman V
 
Wireless communication
Wireless communicationWireless communication
Wireless communicationKomal Gandhi
 
Mail Server Configuration with Cisco Packet Tracer
Mail Server Configuration with Cisco Packet TracerMail Server Configuration with Cisco Packet Tracer
Mail Server Configuration with Cisco Packet TracerMaksudujjaman
 
Wifi & 802.11 Standards
Wifi & 802.11 StandardsWifi & 802.11 Standards
Wifi & 802.11 StandardsVipul Kumar Maurya
 
RESUME OF PRIYA KUMARI
RESUME OF PRIYA KUMARIRESUME OF PRIYA KUMARI
RESUME OF PRIYA KUMARIpriya kumari
 
Subnetting Made Easy
Subnetting Made EasySubnetting Made Easy
Subnetting Made Easyheidionthego
 
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eChapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eadpeer
 
Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Tal Maayani
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginBurt Beckwith
 

More Related Content

What's hot

Wi-Fi based indoor positioning
Wi-Fi based indoor positioningWi-Fi based indoor positioning
Wi-Fi based indoor positioningSherwin Rodrigues
 
Key Technologies for IoT
Key Technologies for IoTKey Technologies for IoT
Key Technologies for IoTBjörn Ekelund
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor networkNeha Kulkarni
 
SCCM Cloud Management Gateway
SCCM Cloud Management Gateway SCCM Cloud Management Gateway
SCCM Cloud Management Gateway Anoop Nair
 
Secure your applications with Azure AD and Key Vault
Secure your applications with Azure AD and Key VaultSecure your applications with Azure AD and Key Vault
Secure your applications with Azure AD and Key VaultDavide Benvegnù
 
Network Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseNetwork Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseThamalsha Wijayarathna
 
CCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationCCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationDsunte Wilson
 
Indoor navigation system
Indoor navigation systemIndoor navigation system
Indoor navigation systemOmkar Paranjape
 
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, MysuruNithin Kumar,VVCE, Mysuru
 
Wireless communication
Wireless communicationWireless communication
Wireless communicationKomal Gandhi
 
Mail Server Configuration with Cisco Packet Tracer
Mail Server Configuration with Cisco Packet TracerMail Server Configuration with Cisco Packet Tracer
Mail Server Configuration with Cisco Packet TracerMaksudujjaman
 
RESUME OF PRIYA KUMARI
RESUME OF PRIYA KUMARIRESUME OF PRIYA KUMARI
RESUME OF PRIYA KUMARIpriya kumari
 
Subnetting Made Easy
Subnetting Made EasySubnetting Made Easy
Subnetting Made Easyheidionthego
 
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eChapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eadpeer
 

What's hot (20)

Wi-Fi based indoor positioning
Wi-Fi based indoor positioningWi-Fi based indoor positioning
Wi-Fi based indoor positioning
 
Key Technologies for IoT
Key Technologies for IoTKey Technologies for IoT
Key Technologies for IoT
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor network
 
SCCM Cloud Management Gateway
SCCM Cloud Management Gateway SCCM Cloud Management Gateway
SCCM Cloud Management Gateway
 
Secure your applications with Azure AD and Key Vault
Secure your applications with Azure AD and Key VaultSecure your applications with Azure AD and Key Vault
Secure your applications with Azure AD and Key Vault
 
Court Case Management System
Court Case Management SystemCourt Case Management System
Court Case Management System
 
Network Design for a Small & Medium Enterprise
Network Design for a Small & Medium EnterpriseNetwork Design for a Small & Medium Enterprise
Network Design for a Small & Medium Enterprise
 
CCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationCCNA Router Startup and Configuration
CCNA Router Startup and Configuration
 
WiFi Technology & IEEE
WiFi Technology & IEEEWiFi Technology & IEEE
WiFi Technology & IEEE
 
Indoor navigation system
Indoor navigation systemIndoor navigation system
Indoor navigation system
 
Mobile IP
Mobile IPMobile IP
Mobile IP
 
Wireless Sensor Network
Wireless Sensor NetworkWireless Sensor Network
Wireless Sensor Network
 
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru
18CSMP68 VTU Mobile Application Develeopment Lab Manual by Nithin, VVCE, Mysuru
 
MySQL
MySQLMySQL
MySQL
 
Wireless communication
Wireless communicationWireless communication
Wireless communication
 
Mail Server Configuration with Cisco Packet Tracer
Mail Server Configuration with Cisco Packet TracerMail Server Configuration with Cisco Packet Tracer
Mail Server Configuration with Cisco Packet Tracer
 
Wifi & 802.11 Standards
Wifi & 802.11 StandardsWifi & 802.11 Standards
Wifi & 802.11 Standards
 
RESUME OF PRIYA KUMARI
RESUME OF PRIYA KUMARIRESUME OF PRIYA KUMARI
RESUME OF PRIYA KUMARI
 
Subnetting Made Easy
Subnetting Made EasySubnetting Made Easy
Subnetting Made Easy
 
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9eChapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
Chapter 8 - IP Subnetting, Troubleshooting and Introduction to NAT 9e
 

Viewers also liked

Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Tal Maayani
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginBurt Beckwith
 
Advanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and MonitoringAdvanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and MonitoringBurt Beckwith
 
Geb+spock: let your functional tests live long and prosper
Geb+spock: let your functional tests live long and prosperGeb+spock: let your functional tests live long and prosper
Geb+spock: let your functional tests live long and prosperEsther Lozano
 
Little Did He Know ...
Little Did He Know ...Little Did He Know ...
Little Did He Know ...Burt Beckwith
 
GriffDnie (Griffon Demo)
GriffDnie (Griffon Demo)GriffDnie (Griffon Demo)
GriffDnie (Griffon Demo)Jorge Aguilera
 
Macro macro, burrito burrit
Macro macro, burrito burritMacro macro, burrito burrit
Macro macro, burrito burritMario García
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring SecurityBurt Beckwith
 

Viewers also liked (9)

Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 Plugin
 
Advanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and MonitoringAdvanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and Monitoring
 
Geb+spock: let your functional tests live long and prosper
Geb+spock: let your functional tests live long and prosperGeb+spock: let your functional tests live long and prosper
Geb+spock: let your functional tests live long and prosper
 
Little Did He Know ...
Little Did He Know ...Little Did He Know ...
Little Did He Know ...
 
De Java a Swift pasando por Groovy
De Java a Swift pasando por GroovyDe Java a Swift pasando por Groovy
De Java a Swift pasando por Groovy
 
GriffDnie (Griffon Demo)
GriffDnie (Griffon Demo)GriffDnie (Griffon Demo)
GriffDnie (Griffon Demo)
 
Macro macro, burrito burrit
Macro macro, burrito burritMacro macro, burrito burrit
Macro macro, burrito burrit
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring Security
 

Similar to Hacking the Grails Spring Security Plugins

Spring Framework - Spring Security
Spring Framework - Spring SecuritySpring Framework - Spring Security
Spring Framework - Spring SecurityDzmitry Naskou
 
Under the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsUnder the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsGR8Conf
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with SpringJoshua Long
 
Under the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsUnder the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsBurt Beckwith
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
 
A Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaA Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaVMware Tanzu
 
Spring and Cloud Foundry; a Marriage Made in Heaven
Spring and Cloud Foundry; a Marriage Made in HeavenSpring and Cloud Foundry; a Marriage Made in Heaven
Spring and Cloud Foundry; a Marriage Made in HeavenJoshua Long
 
Integrating Security Roles into Microsoft Silverlight Applications
Integrating Security Roles into Microsoft Silverlight ApplicationsIntegrating Security Roles into Microsoft Silverlight Applications
Integrating Security Roles into Microsoft Silverlight ApplicationsDan Wahlin
 
Developing your first application using FI-WARE
Developing your first application using FI-WAREDeveloping your first application using FI-WARE
Developing your first application using FI-WAREFermin Galan
 
iOS Keychain by 흰, 민디
iOS Keychain by 흰, 민디iOS Keychain by 흰, 민디
iOS Keychain by 흰, 민디MINJICHO20
 
Spring & Hibernate
Spring & HibernateSpring & Hibernate
Spring & HibernateJiayun Zhou
 
EPAM IT WEEK: AEM & TDD. It's so boring...
EPAM IT WEEK: AEM & TDD. It's so boring...EPAM IT WEEK: AEM & TDD. It's so boring...
EPAM IT WEEK: AEM & TDD. It's so boring...Andrew Manuev
 
Nestjs MasterClass Slides
Nestjs MasterClass SlidesNestjs MasterClass Slides
Nestjs MasterClass SlidesNir Kaufman
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLinkJBUG London
 
Spring 3: What's New
Spring 3: What's NewSpring 3: What's New
Spring 3: What's NewTed Pennings
 
Spring framework in depth
Spring framework in depthSpring framework in depth
Spring framework in depthVinay Kumar
 
Spring Framework Petclinic sample application
Spring Framework Petclinic sample applicationSpring Framework Petclinic sample application
Spring Framework Petclinic sample applicationAntoine Rey
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
 

Similar to Hacking the Grails Spring Security Plugins (20)

Spring Framework - Spring Security
Spring Framework - Spring SecuritySpring Framework - Spring Security
Spring Framework - Spring Security
 
Under the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsUnder the Hood: Using Spring in Grails
Under the Hood: Using Spring in Grails
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with Spring
 
Under the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsUnder the Hood: Using Spring in Grails
Under the Hood: Using Spring in Grails
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
 
A Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in JavaA Series of Fortunate Events: Building an Operator in Java
A Series of Fortunate Events: Building an Operator in Java
 
Spring and Cloud Foundry; a Marriage Made in Heaven
Spring and Cloud Foundry; a Marriage Made in HeavenSpring and Cloud Foundry; a Marriage Made in Heaven
Spring and Cloud Foundry; a Marriage Made in Heaven
 
Integrating Security Roles into Microsoft Silverlight Applications
Integrating Security Roles into Microsoft Silverlight ApplicationsIntegrating Security Roles into Microsoft Silverlight Applications
Integrating Security Roles into Microsoft Silverlight Applications
 
Developing your first application using FI-WARE
Developing your first application using FI-WAREDeveloping your first application using FI-WARE
Developing your first application using FI-WARE
 
iOS Keychain by 흰, 민디
iOS Keychain by 흰, 민디iOS Keychain by 흰, 민디
iOS Keychain by 흰, 민디
 
Spring & Hibernate
Spring & HibernateSpring & Hibernate
Spring & Hibernate
 
Spring Security.ppt
Spring Security.pptSpring Security.ppt
Spring Security.ppt
 
EPAM IT WEEK: AEM & TDD. It's so boring...
EPAM IT WEEK: AEM & TDD. It's so boring...EPAM IT WEEK: AEM & TDD. It's so boring...
EPAM IT WEEK: AEM & TDD. It's so boring...
 
Nestjs MasterClass Slides
Nestjs MasterClass SlidesNestjs MasterClass Slides
Nestjs MasterClass Slides
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLink
 
Spring 3: What's New
Spring 3: What's NewSpring 3: What's New
Spring 3: What's New
 
Spring framework in depth
Spring framework in depthSpring framework in depth
Spring framework in depth
 
Spring Framework Petclinic sample application
Spring Framework Petclinic sample applicationSpring Framework Petclinic sample application
Spring Framework Petclinic sample application
 
The most basic inline tag
The most basic inline tagThe most basic inline tag
The most basic inline tag
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
 

More from GR8Conf

DevOps Enabling Your Team
DevOps Enabling Your TeamDevOps Enabling Your Team
DevOps Enabling Your TeamGR8Conf
 
Creating and testing REST contracts with Accurest Gradle
Creating and testing REST contracts with Accurest Gradle Creating and testing REST contracts with Accurest Gradle
Creating and testing REST contracts with Accurest Gradle GR8Conf
 
Mum, I want to be a Groovy full-stack developer
Mum, I want to be a Groovy full-stack developerMum, I want to be a Groovy full-stack developer
Mum, I want to be a Groovy full-stack developerGR8Conf
 
Metaprogramming with Groovy
Metaprogramming with GroovyMetaprogramming with Groovy
Metaprogramming with GroovyGR8Conf
 
Scraping with Geb
Scraping with GebScraping with Geb
Scraping with GebGR8Conf
 
How to create a conference android app with Groovy and Android
How to create a conference android app with Groovy and AndroidHow to create a conference android app with Groovy and Android
How to create a conference android app with Groovy and AndroidGR8Conf
 
Ratpack On the Docks
Ratpack On the DocksRatpack On the Docks
Ratpack On the DocksGR8Conf
 
Groovy Powered Clean Code
Groovy Powered Clean CodeGroovy Powered Clean Code
Groovy Powered Clean CodeGR8Conf
 
Cut your Grails application to pieces - build feature plugins
Cut your Grails application to pieces - build feature pluginsCut your Grails application to pieces - build feature plugins
Cut your Grails application to pieces - build feature pluginsGR8Conf
 
Performance tuning Grails applications
Performance tuning Grails applications Performance tuning Grails applications
Performance tuning Grails applicationsGR8Conf
 
Ratpack and Grails 3
Ratpack and Grails 3 Ratpack and Grails 3
Ratpack and Grails 3GR8Conf
 
Grails & DevOps: continuous integration and delivery in the cloud
Grails & DevOps: continuous integration and delivery in the cloudGrails & DevOps: continuous integration and delivery in the cloud
Grails & DevOps: continuous integration and delivery in the cloudGR8Conf
 
Functional testing your Grails app with GEB
Functional testing your Grails app with GEBFunctional testing your Grails app with GEB
Functional testing your Grails app with GEBGR8Conf
 
Deploying, Scaling, and Running Grails on AWS and VPC
Deploying, Scaling, and Running Grails on AWS and VPCDeploying, Scaling, and Running Grails on AWS and VPC
Deploying, Scaling, and Running Grails on AWS and VPCGR8Conf
 
The Grails introduction workshop
The Grails introduction workshopThe Grails introduction workshop
The Grails introduction workshopGR8Conf
 
Idiomatic spock
Idiomatic spockIdiomatic spock
Idiomatic spockGR8Conf
 
The Groovy Ecosystem Revisited
The Groovy Ecosystem RevisitedThe Groovy Ecosystem Revisited
The Groovy Ecosystem RevisitedGR8Conf
 
Groovy 3 and the new Groovy Meta Object Protocol in examples
Groovy 3 and the new Groovy Meta Object Protocol in examplesGroovy 3 and the new Groovy Meta Object Protocol in examples
Groovy 3 and the new Groovy Meta Object Protocol in examplesGR8Conf
 
Integration using Apache Camel and Groovy
Integration using Apache Camel and GroovyIntegration using Apache Camel and Groovy
Integration using Apache Camel and GroovyGR8Conf
 
CRaSH the shell for the Java Virtual Machine
CRaSH the shell for the Java Virtual MachineCRaSH the shell for the Java Virtual Machine
CRaSH the shell for the Java Virtual MachineGR8Conf
 

More from GR8Conf (20)

DevOps Enabling Your Team
DevOps Enabling Your TeamDevOps Enabling Your Team
DevOps Enabling Your Team
 
Creating and testing REST contracts with Accurest Gradle
Creating and testing REST contracts with Accurest Gradle Creating and testing REST contracts with Accurest Gradle
Creating and testing REST contracts with Accurest Gradle
 
Mum, I want to be a Groovy full-stack developer
Mum, I want to be a Groovy full-stack developerMum, I want to be a Groovy full-stack developer
Mum, I want to be a Groovy full-stack developer
 
Metaprogramming with Groovy
Metaprogramming with GroovyMetaprogramming with Groovy
Metaprogramming with Groovy
 
Scraping with Geb
Scraping with GebScraping with Geb
Scraping with Geb
 
How to create a conference android app with Groovy and Android
How to create a conference android app with Groovy and AndroidHow to create a conference android app with Groovy and Android
How to create a conference android app with Groovy and Android
 
Ratpack On the Docks
Ratpack On the DocksRatpack On the Docks
Ratpack On the Docks
 
Groovy Powered Clean Code
Groovy Powered Clean CodeGroovy Powered Clean Code
Groovy Powered Clean Code
 
Cut your Grails application to pieces - build feature plugins
Cut your Grails application to pieces - build feature pluginsCut your Grails application to pieces - build feature plugins
Cut your Grails application to pieces - build feature plugins
 
Performance tuning Grails applications
Performance tuning Grails applications Performance tuning Grails applications
Performance tuning Grails applications
 
Ratpack and Grails 3
Ratpack and Grails 3 Ratpack and Grails 3
Ratpack and Grails 3
 
Grails & DevOps: continuous integration and delivery in the cloud
Grails & DevOps: continuous integration and delivery in the cloudGrails & DevOps: continuous integration and delivery in the cloud
Grails & DevOps: continuous integration and delivery in the cloud
 
Functional testing your Grails app with GEB
Functional testing your Grails app with GEBFunctional testing your Grails app with GEB
Functional testing your Grails app with GEB
 
Deploying, Scaling, and Running Grails on AWS and VPC
Deploying, Scaling, and Running Grails on AWS and VPCDeploying, Scaling, and Running Grails on AWS and VPC
Deploying, Scaling, and Running Grails on AWS and VPC
 
The Grails introduction workshop
The Grails introduction workshopThe Grails introduction workshop
The Grails introduction workshop
 
Idiomatic spock
Idiomatic spockIdiomatic spock
Idiomatic spock
 
The Groovy Ecosystem Revisited
The Groovy Ecosystem RevisitedThe Groovy Ecosystem Revisited
The Groovy Ecosystem Revisited
 
Groovy 3 and the new Groovy Meta Object Protocol in examples
Groovy 3 and the new Groovy Meta Object Protocol in examplesGroovy 3 and the new Groovy Meta Object Protocol in examples
Groovy 3 and the new Groovy Meta Object Protocol in examples
 
Integration using Apache Camel and Groovy
Integration using Apache Camel and GroovyIntegration using Apache Camel and Groovy
Integration using Apache Camel and Groovy
 
CRaSH the shell for the Java Virtual Machine
CRaSH the shell for the Java Virtual MachineCRaSH the shell for the Java Virtual Machine
CRaSH the shell for the Java Virtual Machine
 

Recently uploaded

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 

Recently uploaded (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 

Hacking the Grails Spring Security Plugins

  • 1. Hacking the Grails Spring  Security Plugins Burt Beckwith SpringSource
  • 4. web.xml  Spring Security is implemented as a filter chain, so the <filter-mapping> elements are the important ones: • charEncodingFilter • hiddenHttpMethod • grailsWebRequest • springSecurityFilterChain • reloadFilter • sitemesh • urlMapping CONFIDENTIAL 4
  • 5. web.xml  Spring Security is implemented as a filter chain, so the <filter-mapping> elements are the important ones: • charEncodingFilter • hiddenHttpMethod • grailsWebRequest • springSecurityFilterChain • reloadFilter • sitemesh • urlMapping CONFIDENTIAL 5
  • 6. web.xml - charEncodingFilter  org.springframework.web.filter.DelegatingFilterProxy  Uses the "characterEncodingFilter" bean (org.springframework.web.filter.CharacterEncodingFilter) defined in applicationContext.xml (the “parent” context)  request.setCharacterEncoding("utf-8");  response.setCharacterEncoding("utf-8"); CONFIDENTIAL 6
  • 7. web.xml - hiddenHttpMethod  org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter String httpMethod = getHttpMethodOverride(request); filterChain.doFilter( new HttpMethodRequestWrapper(httpMethod, request), response);  <g:form controller="book" method="DELETE">  See section “13.1 REST” in the docs CONFIDENTIAL 7
  • 8. web.xml - grailsWebRequest  org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter LocaleContextHolder.setLocale(request.getLocale()); GrailsWebRequest webRequest = new GrailsWebRequest( request, response, getServletContext()); configureParameterCreationListeners(webRequest); try { WebUtils.storeGrailsWebRequest(webRequest); // Set the flash scope instance to its next state FlashScope fs = webRequest.getAttributes().getFlashScope(request); fs.next(); filterChain.doFilter(request, response); } finally { webRequest.requestCompleted(); WebUtils.clearGrailsWebRequest(); LocaleContextHolder.setLocale(null); } CONFIDENTIAL 8
  • 9. web.xml - springSecurityFilterChain  org.springframework.web.filter.DelegatingFilterProxy  Uses the "springSecurityFilterChain" bean defined by the plugin (org.springframework.security.web.FilterChainProxy) CONFIDENTIAL 9
  • 10. web.xml - springSecurityFilterChain  Typical filter beans: • securityContextPersistenceFilter • logoutFilter • authenticationProcessingFilter • securityContextHolderAwareRequestFilter • rememberMeAuthenticationFilter • anonymousAuthenticationFilter • exceptionTranslationFilter • filterInvocationInterceptor CONFIDENTIAL 10
  • 11. web.xml - reloadFilter  org.codehaus.groovy.grails.web.servlet.filter.GrailsReloadServletFilter  No longer used in 2.0+  “Copies resources from the source on content change and manages reloading if necessary.” GrailsApplication application = (GrailsApplication)context.getBean( GrailsApplication.APPLICATION_ID); if (!application.isInitialised()) { application.rebuild(); GrailsRuntimeConfigurator config = new GrailsRuntimeConfigurator( application, parent); config.reconfigure(context, getServletContext(), true); } CONFIDENTIAL 11
  • 12. web.xml - sitemesh  org.codehaus.groovy.grails.web.sitemesh.GrailsPageFilter  Subclass of com.opensymphony.sitemesh.webapp.SiteMeshFilter  Renders Sitemesh templates/layouts CONFIDENTIAL 12
  • 13. web.xml - urlMapping  org.codehaus.groovy.grails.web.mapping.filter.UrlMappingsFilter  Matches requested url to the correct controller/action/view/error code  Based on mappings in grails-app/conf/UrlMappings.groovy CONFIDENTIAL 13
  • 14. springSecurityFilterChain CONFIDENTIAL 14
  • 15. springSecurityFilterChain - securityContextPersistenceFilter  org.springframework.security.web.context.SecurityContextPersistenceFilter  Retrieves the SecurityContext from the HTTP session (under the ”SPRING_SECURITY_CONTEXT” key) or creates a new empty one  Stores the context in the holder: SecurityContextHolder.setContext()  Removes the context after request CONFIDENTIAL 15
  • 16. springSecurityFilterChain - logoutFilter  org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter  If uri is ”/j_spring_security_logout” calls handler.logout(request, response, auth) for each o.s.s.web.authentication.logout.LogoutHandler and redirects to post- logout url (by default ”/”) CONFIDENTIAL 16
  • 17. springSecurityFilterChain - authenticationProcessingFilter  org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter (extends o.s.s.web.authentication.UsernamePasswordAuthenticationFilter)  Sets the request and response in the SecurityRequestHolder ThreadLocal fields (custom plugin functionality)  If uri is ”/j_spring_security_check” calls attemptAuthentication() CONFIDENTIAL 17
  • 18. springSecurityFilterChain - securityContextHolderAwareRequestFilter  o.s.s.web.servletapi.SecurityContextHolderAwareRequestFilter  Configures a request wrapper which implements the servlet API security methods (getRemoteUser, getUserPrincipal, isUserInRole) chain.doFilter(new SecurityContextHolderAwareRequestWrapper( request, rolePrefix), response); CONFIDENTIAL 18
  • 19. springSecurityFilterChain - rememberMeAuthenticationFilter  o.s.s.web.authentication.rememberme.RememberMeAuthenticationFilter  If not logged in, attempt to login from the remember-me cookie CONFIDENTIAL 19
  • 20. springSecurityFilterChain - anonymousAuthenticationFilter  o.s.s.web.authentication.AnonymousAuthenticationFilter  If not logged in creates an AnonymousAuthenticationToken and registers it as the Authentication in the SecurityContext https://secure.flickr.com/photos/gaelx/5445598436/ CONFIDENTIAL 20
  • 21. springSecurityFilterChain - exceptionTranslationFilter  o.s.s.web.access.ExceptionTranslationFilter  Handles AccessDeniedException and AuthenticationException  For AuthenticationException will invoke the authenticationEntryPoint  For AccessDeniedException invoke the authenticationEntryPoint if anonymous, otherwise delegate to o.s.s.web.access.AccessDeniedHandler CONFIDENTIAL 21
  • 22. springSecurityFilterChain - filterInvocationInterceptor  o.s.s.web.access.intercept.FilterSecurityInterceptor  Determines the o.s.s.access.SecurityConfig collection for the request from FilterInvocationSecurityMetadataSource (AnnotationFilterInvocationDefinition, InterceptUrlMapFilterInvocationDefinition, or RequestmapFilterInvocationDefinition) CONFIDENTIAL 22
  • 23. springSecurityFilterChain - filterInvocationInterceptor  Delegates to an AccessDecisionManager (org.codehaus.groovy.grails.plugins.springsecurity. AuthenticatedVetoableDecisionManager) to call each registered o.s.s.access.AccessDecisionVoter CONFIDENTIAL 23
  • 24. springSecurityFilterChain - filterInvocationInterceptor  o.s.s.access.vote.AuthenticatedVoter works with “IS_AUTHENTICATED_FULLY”, “IS_AUTHENTICATED_REMEMBERED”, and “IS_AUTHENTICATED_ANONYMOUSLY” CONFIDENTIAL 24
  • 25. springSecurityFilterChain - filterInvocationInterceptor  o.s.s.access.vote.RoleHierarchyVoter finds the GrantedAuthority instances from the Authentication, checks for matches with required roles CONFIDENTIAL 25
  • 26. springSecurityFilterChain - filterInvocationInterceptor  org.codehaus.groovy.grails.plugins.springsecurity. WebExpressionVoter looks for a WebExpressionConfigAttribute and evaluates its expression if found CONFIDENTIAL 26
  • 27. springSecurityFilterChain - filterInvocationInterceptor Common built-in expressions Expression Description hasRole([role]) Returns true if the current principal has the specified role. hasAnyRole([role1,role2]) Returns true if the current principal has any of the supplied roles (given as a comma-separated list of strings) principal Allows direct access to the principal object representing the current user authentication Allows direct access to the current Authentication object obtained from the SecurityContext permitAll Always evaluates to true denyAll Always evaluates to false isAnonymous() Returns true if the current principal is an anonymous user isRememberMe() Returns true if the current principal is a remember-me user isAuthenticated() Returns true if the user is not anonymous isFullyAuthenticated() Returns true if the user is not an anonymous or a remember-me user CONFIDENTIAL 27
  • 28. springSecurityFilterChain - filterInvocationInterceptor if (denyCount > 0) { throw new AccessDeniedException("Access is denied"); }  this is caught by the exceptionTranslationFilter  If the Authentication is anonymous, stores a SavedRequest in the HTTP session and calls authenticationEntryPoint.commence( request, response, reason)  The authenticationEntryPoint is an org.codehaus.groovy.grails.plugins.springsecurity. AjaxAwareAuthenticationEntryPoint  This issues a redirect to the login page, by default /login/auth CONFIDENTIAL 28
  • 29. Customizing the Plugin CONFIDENTIAL 29
  • 30. Customizing the Plugin Traditional Spring Security uses XML with namespaced beans: <beans:beans xmlns="http://www.springframework.org/schema/security" ...> <http auto-config="true"> <intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> </http> <authentication-manager> <authentication-provider> <jdbc-user-service data-source-ref="dataSource" /> </authentication-provider> </authentication-manager> </beans:beans> CONFIDENTIAL 30
  • 31. Customizing the Plugin  Simple; not always clear how to customize; many options aren't exposed  In contrast, the plugin explicitly defines every bean  See SpringSecurityCoreGrailsPlugin.groovy for the details CONFIDENTIAL 31
  • 32. Overriding Beans CONFIDENTIAL 32
  • 33. Overriding Beans accessDecisionManager filterInvocationInterceptor roleVoter accessDeniedHandler logoutFilter runAsManager anonymousAuthenticationFilter logoutHandlers saltSource anonymousAuthenticationProvider logoutSuccessHandler securityContextHolderAwareRequestFilter authenticatedVoter objectDefinitionSource securityContextLogoutHandler authenticationDetailsSource passwordEncoder securityContextPersistenceFilter authenticationEntryPoint portMapper securityEventListener authenticationEventPublisher portResolver sessionAuthenticationStrategy authenticationFailureHandler postAuthenticationChecks springSecurityFilterChain authenticationManager preAuthenticationChecks tokenRepository authenticationProcessingFilter redirectStrategy userCache authenticationSuccessHandler rememberMeAuthenticationFilter userDetailsService authenticationTrustResolver rememberMeAuthenticationProvider webExpressionHandler authenticationUserDetailsService rememberMeServices webExpressionVoter daoAuthenticationProvider requestCache webInvocationPrivilegeEvaluator exceptionTranslationFilter roleHierarchy CONFIDENTIAL 33
  • 34. Overriding Beans  Building the Spring ApplicationContext Core plugins Installed plugins resources.groovy CONFIDENTIAL 34
  • 35. Overriding Beans  Gross oversimplifications: • The ApplicationContext is like a Map; the keys are bean names and the values are bean instances • Defining a bean with the same name as an earlier bean replaces the previous, just like Map.put(key, value) does CONFIDENTIAL 35
  • 36. Overriding Beans  To change how a bean works: • Subclass the current class • Or subclass a similar class that's closer to what you need • Or implement the interface directly • Then register yours in grails-app/ conf/spring/resources.groovy CONFIDENTIAL 36
  • 37. Overriding Beans - resources.groovy beans = { saltSource(com.foo.bar.MySaltSource) { // bean properties } userDetailsService(com.foo.bar.MyUserDetailsService) { // bean properties } passwordEncoder(com.foo.bar.MyPasswordEncoder) { // bean properties } } CONFIDENTIAL 37
  • 38. Customizing Bean Properties CONFIDENTIAL 38
  • 39. Customizing Bean Properties  In addition to declaring every bean, nearly all properties are configured from default values in the plugin's grails-app/conf/DefaultSecurityConfig.groovy  DO NOT EDIT DefaultSecurityConfig.groovy CONFIDENTIAL 39
  • 40. Customizing Bean Properties  All properties can be overridden in app's Config.groovy • Be sure to add the grails.plugins.springsecurity prefix  Don't replace a bean if all you need to change is one or more properties CONFIDENTIAL 40
  • 41. Customizing Bean Properties active dao.hideUserNotFoundExceptions registerLoggerListener successHandler.useReferer adh.ajaxErrorPage dao.reflectionSaltSourceProperty rejectIfNoRule switchUser.exitUserUrl adh.errorPage digest.createAuthenticatedToken rememberMe.alwaysRemember switchUser.switchFailureUrl ajaxHeader digest.key rememberMe.cookieName switchUser.switchUserUrl anon.key digest.nonceValiditySeconds rememberMe.key switchUser.targetUrl anon.userAttribute digest.passwordAlreadyEncoded rememberMe.parameter useBasicAuth apf.allowSessionCreation digest.realmName rememberMe.persistent useDigestAuth apf.continueChainBeforeSuccessfulAuthentication digest.useCleartextPasswords rememberMe.persistentToken.domainClassName useHttpSessionEventPublisher apf.filterProcessesUrl failureHandler.ajaxAuthFailUrl rememberMe.persistentToken.seriesLength userLookup.accountExpiredPropertyName apf.passwordParameter failureHandler.defaultFailureUrl rememberMe.persistentToken.tokenLength userLookup.accountLockedPropertyName apf.postOnly failureHandler.exceptionMappings rememberMe.tokenValiditySeconds userLookup.authoritiesPropertyName apf.usernameParameter failureHandler.useForward rememberMe.useSecureCookie userLookup.authorityJoinClassName atr.anonymousClass filterChain.stripQueryStringFromUrls requestCache.createSession userLookup.enabledPropertyName atr.rememberMeClass interceptUrlMap requestCache.onlyOnGet userLookup.passwordExpiredPropertyName auth.ajaxLoginFormUrl ipRestrictions requestMap.className userLookup.passwordPropertyName auth.forceHttps logout.afterLogoutUrl requestMap.configAttributeField userLookup.userDomainClassName auth.loginFormUrl logout.filterProcessesUrl requestMap.urlField userLookup.usernamePropertyName auth.useForward logout.handlerNames roleHierarchy useSecurityEventListener authenticationDetails.authClass password.algorithm secureChannel.definition useSessionFixationPrevention authority.className password.bcrypt.logrounds securityConfigType useSwitchUserFilter authority.nameField password.encodeHashAsBase64 sessionFixationPrevention.alwaysCreateSession useX509 basic.realmName portMapper.httpPort sessionFixationPrevention.migrate voterNames cacheUsers portMapper.httpsPort successHandler.ajaxSuccessUrl x509.checkForPrincipalChanges controllerAnnotations.lowercase providerManager.eraseCredentialsAfterAuthentication successHandler.alwaysUseDefault x509.continueFilterChainOnUnsuccessfulAuthentication controllerAnnotations.matcher providerNames successHandler.defaultTargetUrl x509.invalidateSessionOnPrincipalChange controllerAnnotations.staticRules redirectStrategy.contextRelative successHandler.targetUrlParameter x509.subjectDnRegex x509.throwExceptionWhenTokenRejected CONFIDENTIAL 41
  • 42. Customizing Bean Properties grails-app/conf/Config.groovy: grails.plugins.springsecurity.userLookup.userDomainClassName = '…' grails.plugins.springsecurity.userLookup.authorityJoinClassName = '…' grails.plugins.springsecurity.authority.className = '…' grails.plugins.springsecurity.auth.loginFormUrl = '/log-in' grails.plugins.springsecurity.apf.filterProcessesUrl = '/authenticate' grails.plugins.springsecurity.logout.afterLogoutUrl = '/home' grails.plugins.springsecurity.userLookup.usernamePropertyName = 'email' CONFIDENTIAL 42
  • 43. Customizing Bean Properties  Can also configure beans in BootStrap.groovy, e.g. to avoid redefining a whole bean in resources.groovy just to change one dependency: class BootStrap { def authenticationProcessingFilter def myAuthenticationFailureHandler def init = { servletContext -> authenticationProcessingFilter.authenticationFailureHandler = myAuthenticationFailureHandler } } CONFIDENTIAL 43
  • 44. Custom UserDetailsService CONFIDENTIAL 44
  • 45. Custom UserDetailsService  Very common customization  Documented in the plugin docs in section “11 Custom UserDetailsService” CONFIDENTIAL 45
  • 46. Custom UserDetailsService  General workflow: • Create a custom o.s.s.core.userdetails.UserDetailsService (o.c.g.g.p.s.GrailsUserDetailsService) implementation • Directly implement the interface (best) • or extend org.codehaus.groovy.grails.plugins.springsecurity. GormUserDetailsService (ok, but usually cleaner to implement the interface) CONFIDENTIAL 46
  • 47. Custom UserDetailsService  General workflow (cont.): • Create a custom implementation of o.s.s.core.userdetails.UserDetails • Extend org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser • or extend o.s.s.core.userdetails.User • or directly implement the interface CONFIDENTIAL 47
  • 48. Custom UserDetailsService  General workflow (cont.): • Register the bean override in grails-app/conf/spring/resources.groovy: import com.mycompany.myapp.MyUserDetailsService beans = { userDetailsService(MyUserDetailsService) } CONFIDENTIAL 48
  • 49. Custom AuthenticationProvider CONFIDENTIAL 49
  • 50. Custom AuthenticationProvider  General workflow: • Create a custom o.s.s.authentication.AuthenticationProvider implementation • Extend one that's similar, e.g. o.s.s.authentication.dao.DaoAuthenticationProvider • or directly implement the interface CONFIDENTIAL 50
  • 51. Custom AuthenticationProvider  General workflow (cont.): • You'll probably want a custom o.s.s.core.Authentication • Extend an existing implementation, e.g. o.s.s.authentication.UsernamePasswordAuthenticationToken • or directly implement the interface CONFIDENTIAL 51
  • 52. Custom AuthenticationProvider  General workflow (cont.): • If you're using a custom Authentication, you'll need a filter to create it • Create a custom javax.servlet.Filter implementation • Best to extend org.springframework.web.filter.GenericFilterBean • or one that's similar, e.g. o.s.s.web.authentication.UsernamePasswordAuthenticationFilter • Or directly implement the interface CONFIDENTIAL 52
  • 53. Custom AuthenticationProvider  Registering the custom classes • If you're replacing functionality, register bean overrides in resources.groovy • If you're adding an alternate authentication option (e.g. for only some URLs) • Register the beans in resources.groovy • Register the provider as described in section “10 Authentication Providers” of the docs • Register the filter in its position as described in section “16 Filters” of the docs CONFIDENTIAL 53
  • 54. Custom Post-logout Behavior CONFIDENTIAL 54
  • 55. Custom Post-logout Behavior  Recall that logout is processed by MutableLogoutFilter after request for /j_spring_security_logout  handler.logout(request, response, auth) is called for each LogoutHandler  then redirect to post-logout url (by default ”/”) CONFIDENTIAL 55
  • 56. Custom Post-logout Behavior  The default LogoutHandler implementations are • o.s.s.web.authentication.rememberme.TokenBasedRememberMeServices • Deletes the remember-me cookie • o.s.s.web.authentication.logout.SecurityContextLogoutHandler • Invalidates the HttpSession • Removes the SecurityContext from the SecurityContextHolder CONFIDENTIAL 56
  • 57. Custom Post-logout Behavior  Redirect is triggered by • logoutSuccessHandler.onLogoutSuccess(request, response, auth) • LogoutSuccessHandler is an instance of o.s.s.web.authentication.logout.SimpleUrlLogoutSuccessHandler CONFIDENTIAL 57
  • 58. Custom Post-logout Behavior  To add logic to dynamically determine redirect url: • Subclass SimpleUrlLogoutSuccessHandler • Since the Authentication isn't available in determineTargetUrl, override onLogoutSuccess and set it in a ThreadLocal CONFIDENTIAL 58
  • 59. Custom Post-logout Behavior  To add logic to dynamically determine redirect url (cont.): private static final ThreadLocal<Authentication> AUTH_HOLDER = new ThreadLocal<Authentication>() … void onLogoutSuccess(...) throws ... { AUTH_HOLDER.set authentication try { super.handle(request, response, authentication) } finally { AUTH_HOLDER.remove() } } CONFIDENTIAL 59
  • 60. Custom Post-logout Behavior  To add logic to dynamically determine redirect url (cont.): • Override determineTargetUrl protected String determineTargetUrl(...) { Authentication auth = AUTH_HOLDER.get() String url = super.determineTargetUrl(request, response) if (auth instanceof OrganizationAuthentication) { OrganizationAuthentication authentication = auth url = ... } url } CONFIDENTIAL 60
  • 61. Custom Post-logout Behavior  To add logic to dynamically determine redirect url (cont.): • Redefine the logoutSuccessHandler bean in resources.groovy import com.mycompany.myapp.CustomLogoutSuccessHandler import o.c.g.g.plugins.springsecurity.SpringSecurityUtils beans = { def conf = SpringSecurityUtils.securityConfig logoutSuccessHandler(CustomLogoutSuccessHandler) { redirectStrategy = ref('redirectStrategy') defaultTargetUrl = conf.logout.afterLogoutUrl } } CONFIDENTIAL 61
  • 62. Customization Overview CONFIDENTIAL 62
  • 63. Customization Overview  Subclass or replace filters in the chain: • SecurityContextPersistenceFilter • MutableLogoutFilter • RequestHolderAuthenticationFilter (UsernamePasswordAuthenticationFilter) • SecurityContextHolderAwareRequestFilter • RememberMeAuthenticationFilter • AnonymousAuthenticationFilter • ExceptionTranslationFilter • FilterSecurityInterceptor CONFIDENTIAL 63
  • 64. Customization Overview (cont)  Remove filter(s) from the chain • Not recommended  Add filter(s) to the chain  Add/remove/replace LogoutHandler(s)  Add/remove/replace AccessDecisionVoter(s)  Add/remove/replace AuthenticationProvider(s) CONFIDENTIAL 64
  • 65. Customization Overview (cont)  Customize a filter or AuthenticationProvider's dependency • e.g. custom UserDetailsService  Don't write code if you can customize properties or BootStrap.groovy  Read the Spring Security documentation • Print the PDF and read it on your commute  Ask for help on the Grails User mailing list CONFIDENTIAL 65
  • 66. See http://burtbeckwith.com/blog/?p=1090 for a blog post on the previous talk in London CONFIDENTIAL 66
  • 67. Thank you CONFIDENTIAL 67