How to make relationship between two domain classes in grails . I already have one domain class from the plugin (spring security plugin) and i want to link USER domain class from plugin to the Profile domain class . What is the best way to do it?
See the GORM documentation for a good overview. For a one-to-one relationship as I assume a profile would be, you could simply do the following:
class User {
Profile profile
}
class Profile {
// only needed if you need to refer to user from the Profile instance
static belongsTo = [user:User]
}
Related
Delete an article using DELETE /articles/:id
Delete all articles using DELETE /articles/
How can I make deletion support available only in dev environment and prevent it for test, staging, production environments in spring boot
First thing that comes to my mind would be adding a DeletionController which is created either based on a property or, in your case, on the active profile.
Something like:
#Profile("dev")
#RestController
public class DeletionController {
#DeleteMapping("articles")
public void deleteAll() {
//delete all articles
}
#DeleteMapping("articles/{id}")
public void delete(#PathVariable Integer id) {
//delete article for given id
}
}
Doing so Spring will only instantiate the DeletionController when the dev profile is active making the related endpoints available only in that case. You also have the possibility to have it active/inactive with more complex conditions like #Profile("dev & staging") or #Profile("dev & !production"). You can control the active profiles in your property file with the property spring.profiles.active.
The property approach would be using, instead of #Profile, the annotation #ConditionalOnProperty properly configured.
I am a new bee and using microservices(Spring Boot, Spring Cloud) in which I am trying to use resource file of a microservice in another. For that I need to scan that module in another one via ComponentScan.
Like I have an Admin module in which I need to autowired Main Resource that is in main module.So I use:
#ComponentScan(basePackages = {"com.example.admin","com.example.main"}
I used this in AdminApplication file.Now it also shows Main module's Controllers in Admin which I don't want. I google it and apply:
#ComponentScan(basePackages =
{"com.example.admin","com.example.main"},
excludeFilters = {#ComponentScan.Filter(type = ASSIGNABLE_TYPE,
value = {
UserController.class,
CustomerController.class,
SchoolController.class
})})
But it still shows this Main module controllers in Admin Module. How to actually exclude this? Please help me.
With JavaConfig (#Configuration) and the #Profile annotation, you could set up a subtile combination of classes "in and out" depending of your needs, I guess.
BUT you would have to disable #ComponentScan on your main class (don't use #SpringBootApplication, maybe, as it's embedding #ComponentScan).
IMHO you should rather modularize your applications/services, building common resources as a separated JAR, and each service as a distinct Maven module depending on it
Thanks for your suggestions. Finally I got the answer.
Swashbuckle is built on top of WebApi's built-in metadata layer - ApiExplorer. If you decorate a controller or action with the following attribute:
[ApiExplorerSettings(IgnoreApi=true)]
public class MyController : ApiController
then this will ultimately cause the entire controller or individual action to be omitted from the Swagger output .
I am using a service layer with repository pattern. The controller has a dependency on the service layer, and the service layer has a dependency on the repository.
I have to pass logged in user information to the repository layer for authorization purposes and am trying to determine the best approach for injecting the user information into the repository considering that I seem to have an extensive injection chain:
controller -> service(s) -> repositories -> logged in user info.
I guess the easy approach would be to pass the user information to the service methods that get called(i.e. FindById(int primaryKey, User currentUser), etc.)
But this seems very limiting and problematic down the road as opposed to injecting the User information.
What is the recommended approach to this problem?
I am a little confused about how the person in the article seems to be implementing the ICurrentUserFetcher. I assume that is would provide the extra properties that are not available from the IIdentity, but the article does not make this very clear.
class GenericRepository<T>: IRepository<T> {
private readonly ICurrentUserFetcher currentUserFetcher;
public GenericRepository<T>(Func<IIdentity> currentUserFetcher) {
this.currentUserFetcher = currentUserFetcher;
}
public void Update(T entity) {
var currentUser = currentUserFetcher();
...
}
}
var repo = new GenericRepository<Person>(() => HttpContext.Current.User.Identity);
Assign the user information to the current principal after the login. Google about IPrincipal and IIdentity. Those two classes are the built in way in .NET to handle the currently logged in user.
To access the user simply use Thread.CurrentPrincipal.Identity. I would however not use that property in the repository, but only in the service class. The reason to tha this that the repository should not be in charge of telling which user to fetch information for.
To assign the user on every request you have to use the PostAuthenticate event in global.asax.
I'm trying to convert a Stripes web app to Grails. The Stripes app uses Spring Security, but I would like the Grails app to use the Spring Security Grails plugin.
The app already has User and Role (Java) classes that I need to reuse, i.e. I cannot use the Grails domain classes that the s2-quickstart script generates.
The Spring Security plugin docs describe how to use an existing User domain class. The steps seem to be:
define a UserDetails implementation that reads from the existing User domain class
define a custom UserDetailsService implementation that returns instances of (1)
register an instance of (2) as a Spring bean named userDetailsService.
However the docs don't provide any information about how to use an existing Role class and the class that represents the many-to-many relationship between User and Role.
What other steps are necessary to use existing Role, User, and UserRole classes with the Grails Spring Security plugin? Is there any reason for me to run the s2-quickstart script if I don't want to generate any domain classes?
Follow-Up Questions to Burt's Answer
In the end, what you need is a new GrailsUser
Presumably GrailsUser here refers to the custom UserDetails implementation? In my case I'll probably just implement the interface directly. Does something like this seem reasonable?
class UserAdapter implements UserDetails {
private String password
private Collection<GrantedAuthority> springRoles
UserAdapter(User user) {
this.password = user.password
Collection<Role> roles = // load legacy Role objects
this.springRoles = roles.collect { new GrantedAuthorityImpl(it.authority) }
}
// If using password hashing, presumably this is the hashed password?
String getPassword() {
password
}
///////// other UserDetails methods omitted
Collection<GrantedAuthority> getAuthorities() {
springRoles
}
}
I'm not storing the whole User object within UserAdapter because of your warning about storing a potentially large object in the HTTP session.
what you need is.....and a List of GrantedAuthority instances (and the id if it's a GrailsUser)
If I use my own UserDetails implementation as above, then presumably I can ignore this comment about providing an id?
Finally, if I follow the approach outlined above, should I set these properties in Config.groovy and do I need to run the s2-quickstart script (or any others)?
Keep in mind that Spring Security doesn't care where the data comes from, it just needs a UserDetails instance when authenticating with the DAO auth provider and it can come from anywhere. It's convenient to use domain classes and database tables, but it's just one approach. Do what works for your data. In the end, what you need is a new GrailsUser (or some other impl) instance with the username and password set, the 3 booleans set, and a List of GrantedAuthority instances (and the id if it's a GrailsUser).
The simplest thing to do when you have legacy user and role data is to create a custom UserDetailsService. Use GORM, raw SQL queries, whatever you need to get the required data.
Another option is to write your own AuthenticationProvider like Glen did here: http://blogs.bytecode.com.au/glen/2010/01/15/hacking-custom-authentication-providers-with-grails-spring-security.html - although that's a larger solution that also involves a custom filter which you wouldn't need. The DAO provider uses a UserDetailsService but it's fine to create your own that combines the functionality into one class.
It's not a good idea to reuse your User domain class as the UserDetails though. Even if you implement the interface, you'd be storing a disconnected potentially large (if there are attached collections) object in the HTTP session. The POJO/POGO implementations (Spring Security's User class, the plugin's GrailsUser class, etc.) are very small and just a few Strings and booleans.
within the config.groovy file you have to specify your domain classes to use:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'your.package.User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'your.package.UserRole'
grails.plugins.springsecurity.authority.className = 'your.package.Role'
i thinks it's not neccessary to implement your own userDetail service, because spring security uses
SpringSecurityUtils.securityConfig.userLookup
method to determine the domain class you configured before. your domain classes must provide the required fields and relations.
Dear All,
I am using the membership provider of MVC framework, Now i want to implement the Role and Right on My project, All the Role and Right is available on database so how can i implement the Role and Right? is there is any built in function which can i use? also i am using the Ado .net Data Entity Framework..
If I'm understanding what you want to do correctly, you have to annotate your Controller class or ActionResult with the Authorize attribute like this:
[Authorize(Roles="Domain Admins", Users="testuser")]
public class TestController : Controller {
}
Then as long as your membership provider is setup you should be good to go.
It may be worth mentioning that you can always check if a user is in a role with the following code.
User.IsInRole("Domain Admins");
If your using MVC2 then the default project template makes it easy. You should check out the AccountController and AccountModels in a default MVC2 template.
It sounds like you need a custom role provider:
http://davidhayden.com/blog/dave/archive/2007/10/17/CreateCustomRoleProviderASPNETRolePermissionsSecurity.aspx
http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx
http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx