Rest APi User Registration

Question

I create a Grails REST API

I'm using Spring Security

For create the User and Role domain classes

grails s2-quickstart com.mycompany.myapp User Role

My REST API should support the ability to create users, but I do not know how to do this

@GrailsCompileStatic
@EqualsAndHashCode(includes='username')
@ToString(includes='username', includeNames=true, includePackage=false)
class User implements Serializable {
    private static final long serialVersionUID = 1

    String username
    String password
    boolean enabled = true
    boolean accountExpired
    boolean accountLocked
    boolean passwordExpired

    User(String username, String password) {
        this()
        this.username = username
        this.password = password
    }

    Set<Role> getAuthorities() {
        (UserRole.findAllByUser(this) as List<UserRole>)*.role as Set<Role>
    }

    static constraints = {
        password nullable: false, blank: false, password: true
        username nullable: false, blank: false, unique: true
    }

    static mapping = {
        table '`user`'
        password column: '`password`'
    }
}

I created a controller

class UserController extends RestfulController {
    static responseFormats = ['json', 'xml']
    UserController() {
        super(User)
    }

    @Secured(['permitAll'])
    @Override
    def save() {
        super.save()
    }
}

And at the moment I can create users, but I can not automatically assign them a role

How can I assign it the role of ROLE_USER when creating a new user?

I use Grails 3.3.5

Answer 1

You can do something like this:

User user = new User(username: params.username, password: params.password).save()
Role role = Role.findOrSaveWhere(authority: "ROLE_USER")
new UserRole(user: user, role: role).save()

// If you want to assign another role to the user
role = Role.findOrSaveWhere(authority: "ROLE_SUBSCRIBED")
new UserRole(user: user, role: role).save()

If your project is solely a REST API, I'd recommend using the Grails rest-api profile. There's a good tutorial on this, you can check it out here .

Answer 2

Spring Security Core delegates the responsibility of managing the relationship between User and Role through the entity UserRole with a series of static methods among which is create , I share you the definition

static UserRole create(User user, Role role, boolean flush = false) {
    def instance = new UserRole(user: user, role: role)
    instance.save(flush: flush)
    instance
}

As you can see, this static method expects two parameters: an User instance and a role instance and optionally flush. You consume this method in the following way

Role adminRole = new Role(authority: 'ROLE_ADMIN').save() // here makes sense the recommendation of styl3r to first search if the role exists if it is not like that to create it

User testUser = new User(username: 'me', password: 'password').save()

UserRole.create testUser, adminRole

I took this example from the plugin documentation. In the following link.

https://grails-plugins.github.io/grails-spring-security-core/3.2.x/index.html#tutorials