Reputation: 567
I am new to Grails. I started a new project from scratch and added Spring Security Core for authentication and authorisation (I am using GGTS as a tool). My problem is that if I start using Requestmap, it does not work at all, even if I am using the instructions I have found all around the net. Here are my configurations.
BuildConfig.groovy:
compile ':spring-security-core:2.0-RC4'
Command I used to create default objects
s2-quickstart com.company.foobar User Privilege Requestmap
Config.groovy
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.logout.postOnly = false
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.company.foobar.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.company.foobar.UserPrivilege'
grails.plugin.springsecurity.authority.className = 'com.company.foobar.Privilege'
grails.plugin.springsecurity.requestMap.className = 'com.company.foobar.Requestmap'
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.Requestmap
//**** I have tried both above and below (below is default one).
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
BootStrap.groovy
for (String url in [
        '/', '/index', '/index.gsp', '/**/favicon.ico',
        '/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
        '/login', '/login.*', '/login/**',
        '/logout', '/logout.*', '/logout/**']) {
    new Requestmap(url: url, configAttribute: 'ROLE_ANONYMOUS').save()
}
// I have tried both these (above and below)
// I have tried configuration attribute as
// IS_AUTHENTICATED_ANONYMOUSLY, permitAll
// and ROLE_ANONYMOUS (and few others too)
new Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/logout/**', configAttribute: 'ROLE_ANONYMOUS').save();
new Requestmap(url: '/login/**', configAttribute: 'ROLE_ANONYMOUS').save()
new Requestmap(url: '/index/**', configAttribute: 'ROLE_ANONYMOUS').save();
Note: DB gets populated correctly.
Thing is that DB gets populated correctly, but I get these errors:
hierarchicalroles.RoleHierarchyImpl setHierarchy() - The following role hierarchy was set:
intercept.FilterSecurityInterceptor Validated configuration attributes
web.DefaultSecurityFilterChain Creating filter chain: Ant [pattern='/**'], [org.springframework.security.web.context.SecurityContextPersistenceFilter@7f4446e0, grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter@5b895d66, grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter@1753027d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4ac86881, grails.plugin.springsecurity.web.filter.GrailsRememberMeAuthenticationFilter@2b451382, grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter@4403d1ff, org.springframework.security.web.access.ExceptionTranslationFilter@56cfdf3b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6948c703]
|Server running. Browse to http://localhost:8080/foobar
....matcher.AntPathRequestMatcher Request '/index.gsp' matched by universal pattern '/**'
web.FilterChainProxy /index.gsp at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository No HttpSession currently exists
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
web.FilterChainProxy /index.gsp at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /index.gsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /index.gsp at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /index.gsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /index.gsp; Attributes: [_DENY_]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4337e: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:47)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/foobar/]
access.ExceptionTranslationFilter Calling Authentication entry point.
web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
After this I get a looping error from the browser (it tries and tries the login/auth page, getting the same answer all the time). I have checked answers on Stack Overflow, but my configs are like in those answers, and it still isn't helping.
I have checked this, and it's not helping me: Grails spring security fails to present the login page due to a redirect loop (I have the configuration like in the answer above).
If I take out the request map and use static definitions in Config.groovy everything works like a charm, but I need to use the DB for configuration (to go further from there).
Upvotes: 2
Views: 1467
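Added example (not part of the original post or the plugin's code): a Python script that reads Spring Security debug output in the format quoted in the question, lists every URL whose attributes resolved to `_DENY_` (the marker the plugin returns when no rule matched and `rejectIfNoRule` is true), and flags a redirect loop when the redirect target is itself denied. The sample log is constructed; its `/login/auth` and `/assets/app.css` lines and the `analyse` function name are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the format of the debug output shown in the question.
# The /login/auth and /assets lines are assumed, not taken from the post.
SAMPLE_LOG = """\
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /index.gsp; Attributes: [_DENY_]
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /login/auth; Attributes: [_DENY_]
web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /assets/app.css; Attributes: [ROLE_ANONYMOUS]
"""

SECURE_OBJECT = re.compile(
    r"FilterInvocation: URL: (?P<url>\S+); Attributes: \[(?P<attrs>[^\]]*)\]")
REDIRECT = re.compile(r"DefaultRedirectStrategy Redirecting to '(?P<target>[^']+)'")


def analyse(log_text, context_path=""):
    """Return (URLs resolved to _DENY_, redirect targets that are themselves denied)."""
    decisions = {}  # URL -> attribute list from its most recent access decision
    redirects = []  # application-relative redirect targets, in log order
    for line in log_text.splitlines():
        m = SECURE_OBJECT.search(line)
        if m:
            url = m.group("url").split("?", 1)[0]  # ignore any query string
            decisions[url] = [a.strip() for a in m.group("attrs").split(",") if a.strip()]
            continue
        m = REDIRECT.search(line)
        if m:
            path = urlsplit(m.group("target")).path
            # Logged URLs are relative to the application, redirects are absolute.
            if context_path and path.startswith(context_path):
                path = path[len(context_path):] or "/"
            redirects.append(path)
    denied = sorted(u for u, attrs in decisions.items() if attrs == ["_DENY_"])
    loops = sorted({t for t in redirects if t in denied})
    return denied, loops


if __name__ == "__main__":
    denied, loops = analyse(SAMPLE_LOG, context_path="/foobar")
    for url in denied:
        print("no rule matched, rejected by rejectIfNoRule:", url)
    for url in loops:
        print("redirect loop, authentication entry point is itself denied:", url)
```

A `_DENY_` entry for a URL that has a row in the Requestmap table means the rules were not loaded into the interceptor, which narrows the problem to rule loading rather than to the patterns or config attributes.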
Reputation: 148
Seems to be an issue related to the hibernate4 plugin.
Using Grails 2.5 the hibernate-plugin installed by default (BuildConfig.groovy) is:
runtime ":hibernate4:4.3.8.1" // or ":hibernate:3.6.10.18"
This is obviously not working for securityConfigType = 'Requestmap'
So I tried ...
Maybe it is an option for you to downgrade your hibernate4 plugin:
runtime ":hibernate4:4.3.5.4"
Upvotes: 2