
Page: AcegiSecurity Plugin - Basic Tutorial, Version:0

Create your Grails application

# grails create-app bookstore
# cd bookstore

Install the Acegi plugin

# grails install-plugin acegi

Create the User, Role, and Requestmap domain classes

# grails create-auth-domains User Role
You can choose other names for User and Role; these are just examples.
The script will create this User class:
/**
 * User for user account.
 */
class User {
   static transients = ['pass']
   static hasMany = [authorities: Role]
   static belongsTo = Role

   /** Username */
   String username
   /** User Real Name*/
   String userRealName
   /** MD5 Password */
   String passwd
   /** enabled */
   boolean enabled

   String email
   boolean emailShow

   /** description */
   String description = ''

   /** plain password to create a MD5 password */
   String pass = '[secret]'

   static constraints = {
      username(blank: false, unique: true)
      userRealName(blank: false)
      passwd(blank: false)
      enabled()
   }
}

and this Role class:
/**
 * Role class for Authority.
 */
class Role {

   static hasMany = [people: User]

   /** description */
   String description
   /** ROLE String */
   String authority = 'ROLE_'

   static constraints = {
      authority(blank: false)
      description()
   }
}

and this Requestmap class:
/**
 * Domain class for Request Map.
 */
class Requestmap {

   String url
   String configAttribute

   static constraints = {
      url(blank: false, unique: true)
      configAttribute(blank: false)
   }
}

Optional - create controllers and GSPs for User, Role, and Requestmap domain classes

# grails generate-manager
will create:
  • grails-app/controllers/RequestmapController.groovy
  • grails-app/controllers/RoleController.groovy
  • grails-app/controllers/UserController.groovy
  • grails-app/views/requestmap/create.gsp, edit.gsp, list.gsp, view.gsp
  • grails-app/views/role/create.gsp, edit.gsp, list.gsp, view.gsp
  • grails-app/views/user/create.gsp, edit.gsp, list.gsp, view.gsp

Optional - create controllers and GSPs for Captcha, Register, and an Emailer Service.

# grails generate-registration
will create:
  • grails-app/controllers/CaptchaController.groovy
  • grails-app/controllers/RegisterController.groovy
  • grails-app/services/EmailerService.groovy
  • grails-app/views/register/edit.gsp, index.gsp, show.gsp

Create a controller that will be restricted by role

# grails create-controller Secure
This will create grails-app/controllers/SecureController.groovy. Add some output so we can verify that things are working:
class SecureController {

   def index = {
      render 'Secure access only'
   }
}

Start the server

# grails run-app
Before we secure the page, navigate to http://localhost:8080/bookstore/secure to verify that you can see the page without being logged in.

Navigate to http://localhost:8080/bookstore/role/create and create an 'admin' role.

Then navigate to http://localhost:8080/bookstore/requestmap/create and create the mapping for SecureController.

Finally, navigate to http://localhost:8080/bookstore/user/create (or http://localhost:8080/bookstore/register) to create a test user.

Now navigate again to http://localhost:8080/bookstore/secure and this time you should be presented with the login page.

Log in with the username and password you used for the test user, and you should again be able to see the secure page.

When logging in, you can test the Remember Me functionality. Check the checkbox, and once you've tested the secure page, close your browser and re-open it. Navigate again to the secure page; since you have a cookie stored, you shouldn't need to log in again. Log out at any time by navigating to http://localhost:8080/bookstore/logout

If you prefer to store your URL/role mapping statically instead of in the database, skip the Requestmap step and instead make these changes in grails-app/conf/SecurityConfig.groovy:
  • change the 'useRequestMapDomainClass' property to false
  • uncomment the 'requestMapString' property and change its value to:
requestMapString = """
   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
   PATTERN_TYPE_APACHE_ANT

   /secure/**=ROLE_ADMIN
   /**=IS_AUTHENTICATED_ANONYMOUSLY
"""
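
The order of the lines in requestMapString and the lowercase directive both affect which rule protects a URL. The stand-alone Groovy script below is an added example, not code from the plugin: it is a simplified model that assumes rules are checked top to bottom with the first match deciding, and antToRegex, parse and decide are hypothetical helper names.

```groovy
// Added example: simplified model of requestMapString evaluation, not the plugin's code.
// Assumption: rules are checked top to bottom and the first matching pattern decides.
import java.util.regex.Pattern

// Ant pattern -> regex: '**' spans directories, '*' stays inside one segment, '?' is one character.
def antToRegex = { String ant ->
    def sb = new StringBuilder()
    int i = 0
    while (i < ant.length()) {
        if (ant.startsWith('/**', i) && i + 3 == ant.length()) { sb.append('(/.*)?'); i += 3 }
        else if (ant.startsWith('**', i)) { sb.append('.*'); i += 2 }
        else if (ant[i] == '*') { sb.append('[^/]*'); i++ }
        else if (ant[i] == '?') { sb.append('[^/]'); i++ }
        else { sb.append(Pattern.quote(ant[i])); i++ }
    }
    Pattern.compile(sb.toString())
}

// Split the string into the lowercase directive and an ordered list of pattern=attributes rules.
def parse = { String text ->
    def lines = text.readLines()*.trim().findAll { it }
    return [lowercase: lines.contains('CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON'),
            rules: lines.findAll { it.contains('=') }.collect { line ->
                int eq = line.lastIndexOf('=')
                [pattern: line.substring(0, eq), attrs: line.substring(eq + 1).split(',')*.trim()]
            }]
}

// Return the attributes of the first rule whose pattern matches, or null if none does.
def decide = { Map cfg, String url ->
    def u = cfg.lowercase ? url.toLowerCase() : url
    cfg.rules.find { antToRegex(it.pattern).matcher(u).matches() }?.attrs
}

def header = 'CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON\nPATTERN_TYPE_APACHE_ANT\n'
def good = parse(header + '/secure/**=ROLE_ADMIN\n/**=IS_AUTHENTICATED_ANONYMOUSLY')
def reordered = parse(header + '/**=IS_AUTHENTICATED_ANONYMOUSLY\n/secure/**=ROLE_ADMIN')
def caseSensitive = parse('PATTERN_TYPE_APACHE_ANT\n/secure/**=ROLE_ADMIN\n/**=IS_AUTHENTICATED_ANONYMOUSLY')

assert decide(good, '/secure') == ['ROLE_ADMIN']
assert decide(good, '/SECURE/Index') == ['ROLE_ADMIN']   // lowercased before comparison
assert decide(good, '/book/list') == ['IS_AUTHENTICATED_ANONYMOUSLY']
// Catch-all listed first shadows the specific rule, so /secure is no longer restricted.
assert decide(reordered, '/secure') == ['IS_AUTHENTICATED_ANONYMOUSLY']
// Without the directive, a mixed-case URL misses /secure/** and falls through to /**.
assert decide(caseSensitive, '/SECURE/Index') == ['IS_AUTHENTICATED_ANONYMOUSLY']
println 'request map checks passed'
```

Keep the most specific patterns at the top of the map and the /** catch-all on the last line.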