
Spring Security for Grails app using Spring MVC backend

I have a web app running with Grails looking after the view and controller and calling into a spring-mvc backend via the service layer (Grails app using services from spring-mvc backend). Now I need to implement Spring Security (SS) for the app.

It's at this point I'm not sure how to marry both. The backend already has a fully functioning spring security implementation but to get the Grails app to work I needed to exclude all transient spring security dependencies coming from the spring-mvc app and go with a purely Grails solution (maybe this was the wrong decision?). The backend already has User and Role objects complete with a user_roles table modelled via a joinTable annotation in the User domain.

Questions:

  1. Am I on the right track? Ignore everything from Java backend in terms of SS bar using its data objects and go with Grails impl with SS plugin? I've seen posts saying I don't even need to use the Grails plugin but they're quite old now and I'm not sure how I'd annotate my controllers and services.

  2. If Grails is the way, I'm not sure what I need from my backend and what I need to reimplement/extend in Grails. I have an SS extended User and UserDetailsService in the backend app but cannot use them as I've completely excluded all the SS jars that they depend on so I presume I have to roll my own?

  3. So I implement a UserDetails object, a custom UserDetailsService (should this implement the GrailsUserService?) and expose the latter as a bean and everything should work? Wishful thinking maybe.

Any guidance, even at a high level would be much appreciated as I'm struggling to determine my approach at this point, never mind implementation.

I have managed to implement what I need to get this working. I have gone with the purely Grails approach and so have my own implementation of userDetails, an instance of which is returned by my custom userDetailsService. One thing to look out for, if getting a proof of concept working, is to make sure that you are reading back your password in the format you are storing it in. Spring Sec will hash your password to compare against what is in your database and so you will not successfully load a user if you're storing your password as plain text. One way around this is to use the following config in resources.groovy.

passwordEncoder(PlaintextPasswordEncoder)

But of course I would not advocate this as being the long term solution from a security point of view.
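The format mismatch described in the answer, and the longer-term alternative of hashing the stored values, shown as an added example that is not part of the original post. It assumes `BCryptPasswordEncoder` from spring-security-crypto as the hashing encoder (the post does not name one); the user rows and the `isBcrypt` helper are constructed for illustration.

```groovy
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

// Assumption: spring-security-crypto (and its logging dependency) is on the
// classpath, as it is in any app that already uses Spring Security.
def encoder = new BCryptPasswordEncoder()

// Constructed sample rows standing in for the backend's user table.
def users = [
    [username: 'alice', password: 'secret1'],                  // legacy plain-text value
    [username: 'bob',   password: encoder.encode('secret2')],  // already hashed
]

// Hypothetical helper: a stored value counts as hashed only if it has the
// bcrypt layout ($2a$ / $2b$ / $2y$, two-digit cost, 53 salt+hash chars).
def isBcrypt = { String stored ->
    stored ==~ '\\A\\$2(a|y|b)?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}'
}

// The proof-of-concept failure: the encoder expects a hash in the column,
// so the correct password is rejected when the column holds plain text.
assert !encoder.matches('secret1', users[0].password)
assert encoder.matches('secret2', users[1].password)

// One-off migration: hash every value that is not yet in bcrypt format.
// Already-hashed rows are skipped so they are never double-hashed.
def legacy = users.findAll { !isBcrypt(it.password) }
legacy.each { it.password = encoder.encode(it.password) }

// After the migration the stored format and the configured encoder agree,
// so a plain-text encoder is no longer needed.
assert legacy*.username == ['alice']
assert users.every { isBcrypt(it.password) }
assert encoder.matches('secret1', users[0].password)
assert !encoder.matches('wrong-guess', users[0].password)
```

In a real schema the same check-then-hash step would run once against the password column, and any code path that creates or updates users has to call `encode` before saving.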
