In Groovy and Grails

Authentication plugin released

Posted by: on Apr 22, 2008 | 11 Comments

At long long last I’ve released my authentication plugin for Grails.

Check out the documentation here

My mission is to make authentication and authorisation as simple as possible. I just don’t get on with the complexity of Acegi etc, and they just don’t feel very Grailsy. So I chose a simple event model. You override the events you want, and provide your own domain or backing store class for user info if you want.

However out of the box in the immortal words of our favourite fruit, "It just works". You just add login/signup forms using the supplied auth:form tag and check if the user is logged in in your code using authenticationService.isLoggedIn(request) in your controller or filter, or use authenticationService.filterRequest in a filter to have it "do the right thing" and just ask your app via the onCheckAuthorized event which passes you in all the info you need to decide if the user can access the requested resource.

We’re already using this in production and it has gone through several iterations over the past year. There will be bugs, but there is also documentation. Which may have errata also. Let me know!

To install it use: grails install-plugin authentication

 

 

11 Comments

  1. danb
    April 23, 2008

    can’t wait to try this out… looks perfect.

    Reply
  2. danb
    April 23, 2008

    The only plugin I have used so far is quartz, which has no UI and I’m not sure how that stuff is supposed to work. So forgive me if I’m missing something obvious… but when I install this plugin, I cannot hit http://localhost:8080/myapp/authentication unless I manually copy “authentication/index.jsp” into my project’s “views” dir… once I’ve done that, everything appears to work just fine.

    I do end up with the gsp files in “myapp/web-app/plugins/authentication-1.0/grails-app/views” after installation… but that didn’t seem to help much.

    thanks!
    dan

    Reply
  3. Marc Palmer
    April 23, 2008

    danb: This is a bug in Grails 1.0.2 which fails to make plugin views available at runtime. You need to copy them over for now, sorry.

    Reply
  4. Marcel Overdijk
    April 23, 2008

    Great plugin. I was working on some OpenID integration for authentication and was also thinking about creating a plugin from it. Your plugin gives me a lot of ideas!

    Reply
  5. danb
    April 23, 2008

    Thanks Marc, you might want to make note of that in the docs.. I had no idea :)

    After I got the plugin working last night I added a @Secure annotation to my project… now I can tag any controller or controller action method I want to require authentication with @Secure and my filter picks it up and does the auth check… not bad for

    Reply
  6. danb
    April 23, 2008

    oops… wordpress doesn’t escape < for me… that end of that last comment is:

    “not bad for < 30 lines of code! next step is making it role aware and I’ll be golden.”

    Reply
  7. Justin Beck
    April 28, 2008

    I’m using the 1.0.3 SNAPSHOT of Grails and the command ‘grails install-plugin authentication’ doesn’t work for me.

    I get this: Latest release information is not available for plugin ‘authentication’, specify concrete release to install

    Can I download a zip of the plugin from somewhere so I can just install from a local copy?

    Thanks!

    Reply
  8. Justin Beck
    April 28, 2008

    Ha! Never mind…

    This works: ‘grails install-plugin authentication 1.0′

    Reply
  9. Shawn
    June 2, 2008

    Is there a trick to using the filter example? I keep getting an exception because there isn’t a request available when the filter is loaded:

    if (!applicationContext.authenticationService.isLoggedIn(request)) {

    Caused by: java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request?

    Reply
  10. Marc Palmer
    June 9, 2008

    Shawn… no it should be fine. Please try running with the 1.1 snapshot in SVN. That mechanism does not use anything special in 1.1 nor in 1.0 as far as I recall – it just accesses the session.

    If no joy mail me your code – see author info in the AuthenticationGrailsPlugin.groovy file.

    Reply
  11. Mathias Hoeschen
    July 4, 2008

    I tried to use a different domain class adding this to Config.groovy:

    authenticationUserClass = MyOwnUserClass

    But still the AuthenticationUser class is used.

    The fix mentioned on this page (second comment at the bottom) http://docs.codehaus.org/display/GRAILS/Authentication+Plugin is working for me, too.

    Reply

Leave a Reply