Authentication plugin released

Posted by: on Apr 22, 2008 | 20 Comments

At long long last I’ve released my authentication plugin for Grails.

Check out the documentation here

My mission is to make authentication and authorisation as simple as possible. I just don’t get on with the complexity of Acegi etc, and they just don’t feel very Grailsy. So I chose a simple event model. You override the events you want, and provide your own domain or backing store class for user info if you want.

However out of the box in the immortal words of our favourite fruit, "It just works". You just add login/signup forms using the supplied auth:form tag and check if the user is logged in in your code using authenticationService.isLoggedIn(request) in your controller or filter, or use authenticationService.filterRequest in a filter to have it "do the right thing" and just ask your app via the onCheckAuthorized event which passes you in all the info you need to decide if the user can access the requested resource.

We’re already using this in production and it has gone through several iterations over the past year. There will be bugs, but there is also documentation. Which may have errata also. Let me know!

To install it use: grails install-plugin authentication




  1. danb
    April 23, 2008

    can’t wait to try this out… looks perfect.

  2. danb
    April 23, 2008

    The only plugin I have used so far is quartz, which has no UI and I’m not sure how that stuff is supposed to work. So forgive me if I’m missing something obvious… but when I install this plugin, I cannot hit http://localhost:8080/myapp/authentication unless I manually copy “authentication/index.jsp” into my project’s “views” dir… once I’ve done that, everything appears to work just fine.

    I do end up with the gsp files in “myapp/web-app/plugins/authentication-1.0/grails-app/views” after installation… but that didn’t seem to help much.


  3. Marc Palmer
    April 23, 2008

    danb: This is a bug in Grails 1.0.2 which fails to make plugin views available at runtime. You need to copy them over for now, sorry.

  4. Marcel Overdijk
    April 23, 2008

    Great plugin. I was working on some OpenID integration for authentication and was also thinking about creating a plugin from it. Your plugin gives me a lot of ideas!

  5. danb
    April 23, 2008

    Thanks Marc, you might want to make note of that in the docs.. I had no idea :)

    After I got the plugin working last night I added a @Secure annotation to my project… now I can tag any controller or controller action method I want to require authentication with @Secure and my filter picks it up and does the auth check… not bad for

  6. danb
    April 23, 2008

    oops… wordpress doesn’t escape < for me… that end of that last comment is:

    “not bad for < 30 lines of code! next step is making it role aware and I’ll be golden.”

  7. Justin Beck
    April 28, 2008

    I’m using the 1.0.3 SNAPSHOT of Grails and the command ‘grails install-plugin authentication’ doesn’t work for me.

    I get this: Latest release information is not available for plugin ‘authentication’, specify concrete release to install

    Can I download a zip of the plugin from somewhere so I can just install from a local copy?


  8. Justin Beck
    April 28, 2008

    Ha! Never mind…

    This works: ‘grails install-plugin authentication 1.0′

  9. Shawn
    June 2, 2008

    Is there a trick to using the filter example? I keep getting an exception because there isn’t a request available when the filter is loaded:

    if (!applicationContext.authenticationService.isLoggedIn(request)) {

    Caused by: java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request?

  10. Marc Palmer
    June 9, 2008

    Shawn… no it should be fine. Please try running with the 1.1 snapshot in SVN. That mechanism does not use anything special in 1.1 nor in 1.0 as far as I recall – it just accesses the session.

    If no joy mail me your code – see author info in the AuthenticationGrailsPlugin.groovy file.

  11. Mathias Hoeschen
    July 4, 2008

    I tried to use a different domain class adding this to Config.groovy:

    authenticationUserClass = MyOwnUserClass

    But still the AuthenticationUser class is used.

    The fix mentioned on this page (second comment at the bottom) is working for me, too.

  12. Mikael De Bie
    August 3, 2012

    Hello !

    I tried to use your grails authentication plugin (2.0.1) following this web page:

    But when I use the signup form or the login form, I always get this error :

    No signature of method: com.grailsrocks.authentication.SignupForm.hasErrors() is applicable for argument types: () values: [] Possible solutions: hashCode()

    For your information, Ive installed grails version 2.1.0 and I work on SpringSource Tool Suite (Version: 2.9.2.RELEASE, Build Id: 201205071000)

    The grails project is empty, Ive juste tried the authentication forms after having installed the plugin.

    Thanks in advance,


  13. Marc Palmer
    August 17, 2012

    Sounds like your app needs to add the com.grailsrocks.authentication.SignupForm to the validateable packages list in Config. Plugins cannot reliably update this themselves.

  14. Mikael De Bie
    August 18, 2012

    It works great, thanks !

    It could be interesting to add this comment in the plugin documentation page.

    Many thanks anyway,


  15. Drew
    August 22, 2012

    Cool plugin. I got this error as well. I tried setting:

    grails.validateable.classes = ['com.grailsrocks.authentication.SignupForm']


    grails.validateable.packages = ['com.grailsrocks.authentication']

    but still seem to get the same error. Grails 2.1.0

  16. Pavan
    August 23, 2012


    Could you please provide more info ,bcz i am also facing same issue and the added
    grails.validateable.packages = ['com.grailsrocks.authentication.SignupForm']
    in config.groovy,but still i am facing same issue.


  17. Mikael De Bie
    August 23, 2012

    The correct code to add in the config.groovy file is the following :

    grails.validateable.classes = [com.grailsrocks.authentication.SignupForm, com.grailsrocks.authentication.LoginForm]

    You can find more information in the grails documentation:



  18. Pavan
    August 24, 2012

    It works great,
    Thanks a lot Mikael.

  19. raipe
    February 24, 2013

    Great plugin! Thanks.

    How do I login user programmatically? I would like to login the user after I have called the authenticationService.confirmUser(userToken), so that the user do not need to login manually after following the confirmation link sent to email.

  20. raipe
    February 24, 2013

    Checking the plugin source code I came up with the following solution. Seems to work, but is too tightly coupled with plugin internals.


    AuthenticatedUser sessionUser =

    sessionUser.loggedIn = true
    sessionUser.loginTime = new Date()