
Grails 3 Spring Security Pre Authentication

The application I have in the works uses Grails 3. I am attempting to do Pre-Authentication, as described in this article, but am having a hard time as I cannot figure out how to disable the regular authentication provided by the Grails 3 Spring Security plugin.

Here is my current scenario: User A hits my webpage. I want to parse the headers of the request and take out the roles and username information. If the username or roles are empty, I will redirect the user to some gateway. In simple terms, I want to use Spring Security for authorization only, by invoking the static rules provided by the plugin, i.e.:

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/serviceb/**', access: "hasAnyRole('ROLE_COOL','ROLE_UNCOOL')"],
    [pattern: '/cools/**', access: ['ROLE_ADMINS']],
    [pattern: '/*', access: 'isAuthenticated()']
]

This is the reason I do not need spring security to do any login functionality, as the first article states, we can use it for authentication only.

What I have tried:

First, I removed all authentication-related calls in my application.groovy file (created by default when running the quick start for the plugin), i.e. connection strings and search filters, but not static rules.

Next, I tried to use a solution provided by these two posts: on stack and this on blog.

I created a Filter to extend the AbstractPreAuthenticatedProcessingFilter:

package Cool.service.authentication
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
import javax.servlet.http.HttpServletRequest

class CGAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) { "username" }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) { "N/A" }
}

My Boot config now looks like this:

import grails.plugin.springsecurity.SecurityFilterPosition
import grails.plugin.springsecurity.SpringSecurityUtils

class BootStrap {

    def init = { servletContext ->
        SpringSecurityUtils.clientRegisterFilter('CGAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER.order)
    }
}

And my Spring resources look like this:

import Cool.service.authentication.CGAuthenticationFilter

beans = {
    myAuthenticationFilter(CGAuthenticationFilter) {
        authenticationManager = ref('authenticationManager')
        checkForPrincipalChanges = true
    }
}

And lastly, added this line to my application.groovy configuration for spring security plugin:

grails.plugin.springsecurity.providerNames = ['preAuthenticatedAuthenticationProvider', 'anonymousAuthenticationProvider']

However, I am getting a super generic error when trying to run-app, where the server "fails" to start and Java returns a non-zero value back. This makes me believe I am headed in the wrong direction, and the implementation is completely wrong.

To solve the problem, I had to change a few files. First, my Bootstrap file now contains the following init block:

SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)

My beans (resources.groovy) file now contains:

userDetailsService(grails.plugin.springsecurity.userdetails.GormUserDetailsService) {
    grailsApplication = ref('grailsApplication')
}

userDetailsByNameServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
    userDetailsService = ref('userDetailsService')
}

preAuthenticatedAuthenticationProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
    preAuthenticatedUserDetailsService = userDetailsByNameServiceWrapper
}

requestHeaderAuthenticationFilter(Cool.service.authentication.GCHeaderAuthenticationFilter) {
    authenticationManager = ref('authenticationManager')
}

Other than that, the rest of the configuration is correct.
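
The header-driven variant described in the question (username and roles both taken from the request), as an added example that is not code from either post. The class names, the header names `X-Auth-User` and `X-Auth-Roles`, and the role allow-list are assumptions, and it presumes the upstream gateway strips and re-sets these headers on every request.

```groovy
// Added example: hypothetical classes, not the poster's code.
package Cool.service.authentication

import javax.servlet.http.HttpServletRequest
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

class HeaderPreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {
    static final String USER_HEADER = 'X-Auth-User'   // assumed header name

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // A missing or blank header yields null: no pre-authentication is
        // attempted and the request stays unauthenticated for the static rules.
        request.getHeader(USER_HEADER)?.trim() ?: null
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) { 'N/A' }
}

class HeaderRolesDetailsSource implements
        AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> {

    static final String ROLES_HEADER = 'X-Auth-Roles' // assumed, comma-separated
    // Only roles the static rules actually reference are accepted (assumed list).
    static final Set<String> KNOWN_ROLES = ['ROLE_COOL', 'ROLE_UNCOOL', 'ROLE_ADMINS'] as Set

    @Override
    PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest request) {
        // Unknown or malformed role names are dropped rather than granted.
        List<GrantedAuthority> authorities = (request.getHeader(ROLES_HEADER) ?: '')
                .split(',')*.trim()
                .findAll { it in KNOWN_ROLES }
                .collect { new SimpleGrantedAuthority(it) }
        new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(request, authorities)
    }
}
```

To use it, set `authenticationDetailsSource` on the filter bean to a `HeaderRolesDetailsSource` and give `preAuthenticatedAuthenticationProvider` a `PreAuthenticatedGrantedAuthoritiesUserDetailsService` as its `preAuthenticatedUserDetailsService`, so the authorities come from the request details instead of a GORM lookup.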
