SGT Grumpy Pants

Reputation: 4436

How to Configure Spring Security Rest for Grails 3.x

How do you configure the Spring Security Rest Plugin for Grails 3.x (currently I'm using Grails 3.1.0 RC2)?

The plugin page says to "Add compile :spring-security-rest:${version} to your BuildConfig.groovy," but BuildConfig.groovy has been removed from Grails 3.x.

Edit: the docs on the plugin page have been updated.

Upvotes: 0

Views: 2225

Answers (1)

SGT Grumpy Pants


So I got this working. First off, the documentation located [here][1] is much more up to date. You need to add the following to build.gradle:

build.gradle

dependencies {

    //Other dependencies

    compile "org.grails.plugins:spring-security-rest:2.0.0.M2"
}

Next, you need to run the Spring Security quickstart:

grails s2-quickstart com.yourapp Person Role

Finally, you need to configure the filter chain by adding the following to your application.groovy:

application.groovy

grails.plugin.springsecurity.filterChain.chainMap = [
    //Stateless chain
    [
        pattern: '/api/**',
        filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'
    ],

    //Traditional chain
    [
        pattern: '/**',
        filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'
    ]
]

Alternatives: I decided to move the configuration to application.yml, so I'm not using two different configuration syntaxes.

Alternative config #1: using application.yml with standard default settings

grails:

    # other config values

    plugin.springsecurity:
        userLookup.userDomainClassName: 'com.company.product.Person'
        userLookup.authorityJoinClassName: 'com.company.product.PersonRole'
        authority.className: 'com.company.product.Role'
        controllerAnnotations.staticRules:
            - {pattern: '/', access: ['permitAll']}
            - {pattern: '/error', access: ['permitAll']}
            - {pattern: '/index', access: ['permitAll']}
            - {pattern: '/index.gsp', access: ['permitAll']}
            - {pattern: '/shutdown', access: ['permitAll']}
            - {pattern: '/assets/**', access: ['permitAll']}
            - {pattern: '/**/js/**', access: ['permitAll']}
            - {pattern: '/**/css/**', access: ['permitAll']}
            - {pattern: '/**/images/**', access: ['permitAll']}
            - {pattern: '/**/favicon.ico', access: ['permitAll']}
        filterChain.chainMap:
            - {pattern: '/assets/**', filters: 'none'}
            - {pattern: '/**/js/**', filters: 'none'}
            - {pattern: '/**/css/**', filters: 'none'}
            - {pattern: '/**/images/**', filters: 'none'}
            - {pattern: '/**/favicon.ico', filters: 'none'}
            # Stateless chain
            - {pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'}
            # Traditional chain
            - {pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'}

I also (this is totally optional):

  • removed all of the generated config that pertains to serving GSPs since my app is just an API
  • configured the plugin to persist the authorization token using GORM
  • replaced the default bearer tokens config with the X-Auth-Token config

so I ended up with this:

Alternative config #2: using application.yml with API only (No GSPs) with GORM token storage and X-Auth-Tokens instead of Bearer Tokens

grails:

    # other config values

    plugin.springsecurity:
        userLookup.userDomainClassName: 'com.company.product.Person'
        userLookup.authorityJoinClassName: 'com.company.product.PersonRole'
        authority.className: 'com.company.product.Role'
        filterChain.chainMap:
            # Stateless chain
            - {pattern: '/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'}
        rest.token:
            storage.gorm.tokenDomainClassName: 'com.company.product.AuthenticationToken'
            validation:
                useBearerToken: false
                headerName: 'X-Auth-Token'

Upvotes: 1
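The chain map in the answer relies on two properties that are easy to break when editing it: entries are tried in order and the first matching pattern wins (so the `/**` catch-all must stay last), and a stateless chain is only stateless if it removes all of the session-related filters, not just some. The following lint, an added example that is not code from the answer, from Grails or from the spring-security-rest plugin, encodes those checks over the answer's first application.yml chain map (written here as the list of dicts that `yaml.safe_load` would produce). `ant_to_regex` is a small approximation of Ant-style path matching, sufficient for the patterns used on this page; the filter names and function names are the example's own.

```python
"""Lint a Spring Security filterChain.chainMap for a token-authenticated API.

Added stand-alone example (not from the answer, Grails or spring-security-rest).
Rules mirrored from the plugin's documented behaviour: entries are tried in order
and the first matching pattern wins; 'JOINED_FILTERS,-x,-y' is the default chain
with filters x and y removed; 'none' applies no security filters at all.
"""
import re

# Filters that carry HTTP-session or browser-style authentication state.  A chain
# meant to be stateless (token on every request) should remove all of them.
SESSION_FILTERS = {
    "securityContextPersistenceFilter",
    "anonymousAuthenticationFilter",
    "authenticationProcessingFilter",
    "rememberMeAuthenticationFilter",
    "exceptionTranslationFilter",
}
# Filters contributed by spring-security-rest; the traditional chain removes them
# so a token header is not honoured on pages that expect a session.
REST_FILTERS = {"restTokenValidationFilter", "restExceptionTranslationFilter"}

# Constructed from the answer's "Alternative config #1" chain map.
CHAIN_MAP = [
    {"pattern": "/assets/**", "filters": "none"},
    {"pattern": "/**/js/**", "filters": "none"},
    {"pattern": "/**/css/**", "filters": "none"},
    {"pattern": "/**/images/**", "filters": "none"},
    {"pattern": "/**/favicon.ico", "filters": "none"},
    {"pattern": "/api/**", "filters": "JOINED_FILTERS,-anonymousAuthenticationFilter,"
     "-exceptionTranslationFilter,-authenticationProcessingFilter,"
     "-securityContextPersistenceFilter,-rememberMeAuthenticationFilter"},
    {"pattern": "/**", "filters": "JOINED_FILTERS,-restTokenValidationFilter,"
     "-restExceptionTranslationFilter"},
]


def ant_to_regex(pattern):
    """Translate an Ant-style path pattern into an anchored regex (approximation)."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):      # zero or more directories
            out, i = out + "(?:.*/)?", i + 3
        elif pattern.startswith("**", i):     # the rest of the path
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":               # any chars within one segment
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":               # one char within a segment
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$")


def parse_filters(spec):
    """Return (mode, removed): mode is 'none' or 'joined'; removed = dropped filter names."""
    parts = [p.strip() for p in spec.split(",") if p.strip()]
    if parts == ["none"]:
        return "none", set()
    if not parts or parts[0] != "JOINED_FILTERS":
        raise ValueError("unsupported filters spec: %r" % spec)
    return "joined", {p[1:] for p in parts[1:] if p.startswith("-")}


def first_match(chain_map, path):
    """Index of the chain entry Spring Security would select for path, or None."""
    for idx, entry in enumerate(chain_map):
        if ant_to_regex(entry["pattern"]).match(path):
            return idx
    return None


def check_chain_map(chain_map):
    """Return human-readable findings; an empty list means the map passes."""
    findings = []
    for idx, entry in enumerate(chain_map):
        pattern = entry["pattern"]
        # A representative path for this pattern: if an earlier entry already
        # catches it, this entry can never be selected (first match wins).
        probe = pattern.replace("**", "probe").replace("*", "probe").replace("?", "p")
        earlier = first_match(chain_map[:idx], probe)
        if earlier is not None:
            findings.append("entry %d (%s) is shadowed by entry %d (%s)"
                            % (idx, pattern, earlier, chain_map[earlier]["pattern"]))
        mode, removed = parse_filters(entry["filters"])
        if mode == "joined":
            dropped_session = removed & SESSION_FILTERS
            if dropped_session and dropped_session != SESSION_FILTERS:
                findings.append("entry %d (%s) is only partly stateless, still runs: %s"
                                % (idx, pattern, ", ".join(sorted(SESSION_FILTERS - removed))))
            if not dropped_session and not (removed & REST_FILTERS):
                findings.append("entry %d (%s) accepts both session and token authentication"
                                % (idx, pattern))
    # Requests matching no entry pass through FilterChainProxy with no security filters.
    if first_match(chain_map, "/probe") is None:
        findings.append("no catch-all entry: unmatched requests get no security filters")
    return findings


if __name__ == "__main__":
    for path in ("/api/login", "/js/app.js", "/index"):
        print(path, "->", CHAIN_MAP[first_match(CHAIN_MAP, path)]["pattern"])
    print("findings:", check_chain_map(CHAIN_MAP) or "none")
```

Run it after editing the chain map; swapping the last two entries, or trimming the `/api/**` entry to remove only `anonymousAuthenticationFilter`, produces a finding, while the answer's map as posted passes clean.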
