
Page: AcegiSecurity Plugin - Basic Tutorial, Version:5

Create your Grails application

# grails create-app bookstore
# cd bookstore

Install the Acegi plugin

# grails install-plugin acegi

Create the User, Role, and Requestmap domain classes

# grails create-auth-domains User Role
You can choose other names for User and Role; these are just examples.
Note: Depending on your database, some names might not be valid. This goes for any domain classes you create, but names for security seem to have an affinity towards trouble. So before you use names like "User" or "Group", make sure they are not reserved keywords in your database :)
The script will create this User class:
/**
 * User for user account.
 */
class User {
   static transients = ['pass']
   static hasMany = [authorities: Role]
   static belongsTo = Role

   /** Username */
   String username
   /** User Real Name */
   String userRealName
   /** MD5 Password */
   String passwd
   /** enabled */
   boolean enabled

   String email
   boolean emailShow

   /** description */
   String description = ''

   /** plain password to create a MD5 password */
   String pass = '[secret]'

   static constraints = {
      username(blank: false, unique: true)
      userRealName(blank: false)
      passwd(blank: false)
      enabled()
   }
}

and this Role class:
/**
 * Role class for Authority.
 */
class Role {

   static hasMany = [people: User]

   /** description */
   String description
   /** ROLE String */
   String authority = 'ROLE_'

   static constraints = {
      authority(blank: false)
      description()
   }
}

and this Requestmap class:
/**
 * Domain class for Request Map.
 */
class Requestmap {

   String url
   String configAttribute

   static constraints = {
      url(blank: false, unique: true)
      configAttribute(blank: false)
   }
}

Optional - create controllers and GSPs for User, Role, and Requestmap domain classes

# grails generate-manager
will create:
  • grails-app/controllers/RequestmapController.groovy
  • grails-app/controllers/RoleController.groovy
  • grails-app/controllers/UserController.groovy
  • grails-app/views/requestmap/create.gsp, edit.gsp, list.gsp, view.gsp
  • grails-app/views/role/create.gsp, edit.gsp, list.gsp, view.gsp
  • grails-app/views/user/create.gsp, edit.gsp, list.gsp, view.gsp

Optional - create controllers and GSPs for Captcha, Register, and an Emailer Service.

# grails generate-registration
will create:
  • grails-app/controllers/CaptchaController.groovy
  • grails-app/controllers/RegisterController.groovy
  • grails-app/services/EmailerService.groovy
  • grails-app/views/register/edit.gsp, index.gsp, show.gsp

Create a controller that will be restricted by role

# grails create-controller Secure
This will create grails-app/controllers/SecureController.groovy - add some output so we can verify that things are working:
class SecureController {

   def index = {
      render 'Secure access only'
   }
}

Start the server

# grails run-app
Before we secure the page, navigate to http://localhost:8080/bookstore/secure to verify that you can see the page without being logged in:

Navigate to http://localhost:8080/bookstore/role/create and create an 'admin' role:

Note: These screenshots show "UserGroup" being used instead of the default domain name of "Role". If you went with the default names, you will see those instead. Just goes to show that Grails is fine with different domain names for Acegi!

then navigate to http://localhost:8080/bookstore/requestmap/create and create the mapping for SecureController:

URL: /secure/**
Role: admin

and finally navigate to http://localhost:8080/bookstore/user/create (or http://localhost:8080/bookstore/register) to create a test user:

Now navigate again to http://localhost:8080/bookstore/secure and this time, you should be presented with the login page:

Log in with the username and password you used for the test user, and you should again be able to see the secure page:

When logging in, you can test the Remember Me functionality. Check the checkbox, and once you've tested the secure page close your browser and re-open it. Navigate again to the secure page, and since you have a cookie stored, you shouldn't need to log in again. Log out at any time by navigating to http://localhost:8080/bookstore/logout
If you prefer to store your url/role mapping statically instead of in the database, skip the Requestmap step and instead make these changes in grails-app/conf/SecurityConfig.groovy:
  • change the 'useRequestMapDomainClass' property to false
  • uncomment the 'requestMapString' property and change its value to:
requestMapString = """
   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
   PATTERN_TYPE_APACHE_ANT

   /secure/**=ROLE_ADMIN
   /**=IS_AUTHENTICATED_ANONYMOUSLY
"""
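Instead of creating the role, the request mapping and the test user by hand through the generated pages, the same setup can be seeded once at startup from grails-app/conf/BootStrap.groovy. This is an added example written for this tutorial, not code generated by the plugin; it assumes the default User, Role and Requestmap classes shown above, that the admin role's authority is stored as ROLE_ADMIN (the same attribute the static requestMapString uses), and that the plugin's default password encoder is an unsalted hex MD5 digest.

```groovy
// grails-app/conf/BootStrap.groovy (added example, not plugin-generated code)
import java.security.MessageDigest

class BootStrap {

   def init = { servletContext ->
      // Seed only into an empty database so a restart does not duplicate rows.
      if (Role.count() == 0) {
         def adminRole = new Role(authority: 'ROLE_ADMIN',
                                  description: 'site administrators')
         if (!adminRole.save()) {
            println "Role errors: ${adminRole.errors}"
            return
         }

         // Same mapping as the one entered on /requestmap/create:
         // everything under SecureController requires ROLE_ADMIN.
         def mapping = new Requestmap(url: '/secure/**', configAttribute: 'ROLE_ADMIN')
         if (!mapping.save()) {
            println "Requestmap errors: ${mapping.errors}"
         }

         // 'passwd' holds the MD5 digest; 'pass' is transient and only used
         // by the generated controllers to take the plaintext from a form.
         def admin = new User(username: 'admin',
                              userRealName: 'Site Admin',
                              email: 'admin@example.com',   // constructed sample value
                              enabled: true,
                              passwd: md5Hex('change-me-on-first-login'))

         // Role is the owning side of the many-to-many (User belongsTo Role),
         // so the user is attached through the role and saved by cascade.
         adminRole.addToPeople(admin)
         if (!adminRole.save()) {
            println "User/role errors: ${adminRole.errors} ${admin.errors}"
         }
      }
   }

   def destroy = {}

   // Lower-case hex MD5 digest, matching an unsalted MD5 password encoder.
   private static String md5Hex(String plaintext) {
      byte[] digest = MessageDigest.getInstance('MD5').digest(plaintext.getBytes('UTF-8'))
      return new BigInteger(1, digest).toString(16).padLeft(32, '0')
   }
}
```

After `grails run-app`, /secure should redirect to the login page and accept the seeded admin account; if the plugin is configured for a different encoder, md5Hex must be replaced to match it or the stored digest will never verify.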