Develop Reference

Setting the Symfony session storage factory

I'm using Symfony 6 to refactor a CodeIgniter 3 framework. User logging in is done via CodeIgniter so I'd like to read the CI session data (stored in a DB) in Symfony.
I'm trying to use my own session storage factory because the CI session name is dynamically constructed using the hostname and also because of the way CI stores the session in the db is different to Symfony.
I've set the session storage factory in framework.yaml
# config/packages/framework.yaml
session:
storage_factory_id: App\Service\CINativeSessionStorageFactory
And I've configured my services (including my own PDO session handler):
# config/services.yaml
services:
# default configuration for services in *this* file
_defaults:
autowire: true # Automatically injects dependencies in your services.
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
bind: # defines the scalar arguments once and apply them to any service defined/created in this file
string $locales: '%app_locales%'
string $defaultLocale: '%locale%'
string $emailSender: '%app.notifications.email_sender%'
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\:
resource: '../src/'
exclude:
- '../src/DependencyInjection/'
- '../src/Entity/'
- '../src/Kernel.php'
- '../src/Tests/'
# CodeIgniter Session handler
App\Service\CIPdoSessionHandler:
arguments:
- '%env(DATABASE_URL)%'
- {
db_table: 'ci_sessions',
db_id_col: 'id',
db_data_col: 'data',
db_time_col: 'timestamp',
db_lifetime_col: 'sess_lifetime'
}
properties:
logger: '#logger'
tags:
- { name: monolog.logger, channel: session }
App\Service\CINativeSessionStorageFactory:
arguments:
$handler : '#App\Service\CIPdoSessionHandler'
$options : {
cookie_secure: auto,
cookie_samesite: lax,
gc_maxlifetime: 7200
}
tags:
- { name: monolog.logger, channel: session }
However I am getting these errors in the logs:
[2022-11-30T17:32:16.738059+00:00] php.CRITICAL: Fatal Compile Error: Cannot declare class App\Service\CINativeSessionStorageFactory, because the name is already in use {"exception":"[object] (Symfony\\Component\\ErrorHandler\\Error\\FatalError(code: 0): Compile Error: Cannot declare class App\\Service\\CINativeSessionStorageFactory, because the name is already in use at /workspace/symfony/src/Service/CINativeSessionStorageFactory.php:16)"} []
[2022-11-30T17:32:16.739841+00:00] request.CRITICAL: Uncaught PHP Exception Symfony\Component\ErrorHandler\Error\FatalError: "Compile Error: Cannot declare class App\Service\CINativeSessionStorageFactory, because the name is already in use" at /workspace/symfony/src/Service/CINativeSessionStorageFactory.php line 16 {"exception":"[object] (Symfony\\Component\\ErrorHandler\\Error\\FatalError(code: 0): Compile Error: Cannot declare class App\\Service\\CINativeSessionStorageFactory, because the name is already in use at /workspace/symfony/src/Service/CINativeSessionStorageFactory.php:16)"} []
[2022-11-30T17:32:16.741681+00:00] session.DEBUG: Using App\Service\CIPdoSessionHandler [] []
[2022-11-30T17:32:16.741839+00:00] session.DEBUG: Setting session name to ci_session_XXXXXXX [] []
The last two lines indicate that my storage factory is working (at least partially) so I'm unsure as why I'm getting these errors.
The first part of my question is: Where am I going wrong?
As an aside, I noticed that if I set up my framework.yaml like this:
# config/packages/framework.yaml
session:
handler_id: App\Service\CIPdoSessionHandler
storage_factory_id: App\Service\CINativeSessionStorageFactory
Then the handler passed to my constructor was always null
public function __construct(array $options = [], AbstractProxy|\SessionHandlerInterface $handler = null, MetadataBag $metaBag = null, bool $secure = false)
{
// $handler is null!
So the second part of my question is: Do handler_id and storage_factory_id not work together?
Some additional information from trying to debug this issue:
If I save config/services.yaml and then refresh the page - I don't get this message.
If I then refresh the page again - I get the error message.
If I then save config/services.yaml again and refresh the page - I don't get this message
... etc
Is my installation broken? I followed the steps here : https://symfony.com/doc/current/setup.html

How do I disable spring security in a Grails 4 integration test?

I had a grails 3 app including spring security, which I recently upgraded to grails 4.
My application.yml includes the following:
environments:
test:
grails:
plugin:
springsecurity:
active: false
security:
ignored: '/**'
basic:
enabled: false
spring:
security:
enabled: false
Why doesn't this work in Grails 4? What's a good alternative solution?
Grails 4 seems to be ignoring this configuration. When I run integration tests, I am getting a 403 error with a message:
Could not verify the provided CSRF token because your session was not found.
It seems like spring security enabled, and it's using SecurityFilterAutoConfiguration, which is normally excluded for my app.
Update
I am using the following dependencies:
compile('org.grails.plugins:spring-security-core:3.2.3') {
exclude group: 'org.springframework.security'
}
compile ('org.springframework.security:spring-security-core:4.2.13.RELEASE') {
force = true
}
compile 'org.springframework.security:spring-security-web:4.2.13.RELEASE'
compile 'org.springframework.security:spring-security-config:4.2.13.RELEASE'
Update 2:
In my debugger, I found that the spring security core plugin actually is being disabled. The following code from the plugin class is executed:
SpringSecurityUtils.resetSecurityConfig()
def conf = SpringSecurityUtils.securityConfig
boolean printStatusMessages = (conf.printStatusMessages instanceof Boolean) ? conf.printStatusMessages : true
if (!conf || !conf.active) {
if (printStatusMessages) {
// <-- the code in this block is executed; active flag is false
String message = '\n\nSpring Security is disabled, not loading\n\n'
log.info message
println message
}
return
}
...however, I am still getting the CSRF filter error, so Spring Security must be configuring itself somehow regardless.
Update 3:
The CSRF filter is being set up by ManagementWebSecurityConfigurerAdapter, using the default configuration.
I tried adding the following to resources.groovy:
if (grailsApplication.config.disableSecurity == true && !Environment.isWarDeployed()) {
webSecurityConfigurerAdapter(new WebSecurityConfigurerAdapter(true) {})
}
This did not fix the issue. Although my anonymous WSCA bean is being constructed, the MWSCA default bean is still being used by spring.

Try this in
grails-app/conf/application.groovy
environments {
development {
}
test {
grails.plugin.springsecurity.active = false
}
production {
}
}

How to set the log level in Grails 4

In my Grails 4 app, log.info("log message") doesn't show log, but log.error("log message") does.
How do I change the log level from error to info in Grails 4?

Option 1
All I needed to do was update the application.yml file and added the following to the bottom
logging:
level:
root: INFO
You can also set a single the log level for a single package:
logging:
level:
packageName: INFO
Option 2
Since Grails 4 is based on Spring Boot, I ended up just setting the appropriate environment variable, i.e. logging.level.root=INFO or logging.level.com.mycompany.mypackage=INFO which I did in intellij by editing my run configuration (see below). This way, I can set the logging level differently when I deploy it.

You want to edit grails-app/conf/logback.groovy. Below is what the default file looks like for Grails 4.0.1.
import grails.util.BuildSettings
import grails.util.Environment
import org.springframework.boot.logging.logback.ColorConverter
import org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter
import java.nio.charset.StandardCharsets
conversionRule 'clr', ColorConverter
conversionRule 'wex', WhitespaceThrowableProxyConverter
// See http://logback.qos.ch/manual/groovy.html for details on configuration
appender('STDOUT', ConsoleAppender) {
encoder(PatternLayoutEncoder) {
charset = StandardCharsets.UTF_8
pattern =
'%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} ' + // Date
'%clr(%5p) ' + // Log level
'%clr(---){faint} %clr([%15.15t]){faint} ' + // Thread
'%clr(%-40.40logger{39}){cyan} %clr(:){faint} ' + // Logger
'%m%n%wex' // Message
}
}
def targetDir = BuildSettings.TARGET_DIR
if (Environment.isDevelopmentMode() && targetDir != null) {
appender("FULL_STACKTRACE", FileAppender) {
file = "${targetDir}/stacktrace.log"
append = true
encoder(PatternLayoutEncoder) {
charset = StandardCharsets.UTF_8
pattern = "%level %logger - %msg%n"
}
}
logger("StackTrace", ERROR, ['FULL_STACKTRACE'], false)
}
root(ERROR, ['STDOUT'])
The specific change depends on what you really want to do. For example, if you have a controller named demo.SomeController and you want to set its log level to INFO, you could add something like this:
logger 'demo.SomeController', INFO, ['STDOUT'], false
See http://logback.qos.ch/manual/groovy.html for the full config reference.
I hope that helps.

Simple Way:
Update/Replace your grails-app/conf/logback.groovy with following code:
import ch.qos.logback.classic.encoder.PatternLayoutEncoder
appender("FILE", RollingFileAppender) {
file = "logs/FILE-NAME.log"
rollingPolicy(TimeBasedRollingPolicy) {
fileNamePattern = "logs/FILE-NAME-%d{yyyy-MM-dd}.log"
maxHistory = 30
}
encoder(PatternLayoutEncoder) {
pattern = "%d{HH:mm:ss.SSS} %-4relative [%thread] %-5level %logger{35} - %msg%n"
}
}
root(INFO, ["FILE"])
Above solution shows logger level to INFO
You can refer this more details and all log levels.
Hope this will helps you.

Cache plugin not caching

Could some wise guru give me a hand to get the Cache Plugin to work? I have been given this project that uses:
Grails 3.3.0
gradle 3.0
GORM 6.1.6.Release
Cache Plugin 4.0.0
I'm following https://grails-plugins.github.io/grails-cache/snapshot/guide/index.html#usage to enable Caching though the app can be started without error, the method that is annotated by #Cacheable doesn't seem to be caching. This is what my myWebApp**build.gradle** looks like:
:
compile group: 'org.grails.plugins', name: 'cache', version: '4.0.0'
compile group: 'org.grails.plugins', name: 'async'
:
This is my grails-app/conf/application.yml:
---
grails:
cache:
caches:
name: 'mycache'
---
This is how I enable cache in grails-app/conf/application.groovy:
:
grails.cache.enabled = true
grails.cache.clearAtStartup = true
:
This is my myWebApp/Application.groovy:
package myWebApp
:
class Application extends GrailsAutoConfiguration {
static void main(String[] args) {
GrailsApp.run(Application, args)
}
}
This is the method in a controller with #Cachable (grails-app/controllers/data/mycontroller.groovy):
package data
:
import org.springframework.cache.annotation.Cacheable
:
#Transactinal
class MyController {
:
#Cacheable(value='mycache')
def getSomeId() {
return anId
}
:
}
In the same controller, I am calling this method for quick test:
:
def index() {
def id = getSomeId()
:
}
:
The problem is getSomeId() didn't seem to be cached. Everytime getSomeId() was called, the body was executed in full length (I set a break point to verify). I just want to use a quick and simple cache mechanism for simple things like this.
What did I do wrong?
Thanks for all you folks, the cache finally works in my project. HOWEVER, the import for annotation must come from the plugin: grails.plugin.cache.Cacheable works, but org.springframework.annotation.Cacheable doesn't.

Grails Spring Security Rest - 403 Forbidden

So I just started learning Grails, and I am trying incorporate the Spring Security REST plugin into my app, the plugin is installed in addition to spring security core which is working. In my REST client, when I hit "api/login" I am able to get an access token and it says I have the role of "ROLE_ADMIN", but then when I try to hit something using that, I keep getting a 403 Forbidden. In Postman, the REST client I am using, I have my Authorization header with "Bearer {key}", with my url of "http://localhost:8080/test/api/secret" and it gives the 403 error. I am trying to setup the log4j logging to see any other issues, but does anyone know what I should look into, any help would be appreciated. I provided my classes below if that helps, I generally used default values for everything such as the UrlMappings.
RandomController.groovy
package test
import grails.plugin.springsecurity.annotation.Secured
#Secured(['IS_AUTHENTICATED_ANONYMOUSLY'])
class MyController {
#Secured(['ROLE_ADMIN'])
def secret() {
render "You have ACCESS!!!"
}
}
Bootstrap.groovy
class BootStrap {
def init = { servletContext ->
def adminRole = new SecRole(authority: 'ROLE_ADMIN').save(flush: true)
def testUser = new SecUser(username: 'bob', password: 'test')
testUser.save(flush: true)
SecUserSecRole.create testUser, adminRole, true
}
def destroy = {
}
}
UrlMappings.groovy
class UrlMappings {
static mappings = {
"/$controller/$action?/$id?(.$format)?"{
constraints {
// apply constraints here
}
}
"/api/$controller/$action?/$id?(.$format)?"{ constraints { // apply constraints here
} }
"/"(view:"/index")
"500"(view:'/error')
}
}

For what I can see from the code you posted, if you invoke url http://localhost:8080/test/api/secret, it should execute default action (maybe index) in SecretController but the controller you posted is called MyController.
To investigate further, you should enable more verbose logging using log4j configuration as suggested in the doc http://alvarosanchez.github.io/grails-spring-security-rest/1.5.1/docs/guide/debugging.html