Thursday, November 19, 2009

Getting Beans in Grails Console

It's convenient to run groovy snippets in Grails Console. At some time, these snippets might depend on some Service Object in your grails app. In Grails world, you can solve this kind of dependence using DI. Please check out "8.3 Dependency Injection and Services" in Grails reference document for more information. But now we are running groovy script in grails console, how can we get that service object we need? The reference document doesn't give us an answer directly.
Since Grails is based on Spring, we can resort to ApplicationContext. Now the problem is how to get the ApplicationContext instance. After reading "%GRAILS_HOME%/scripts/Console.groovy", you can find a bind-variable named "ctx", which points to the ApplcationContext Object. So, we can use it to get the dependent object used by the script in the console. Here is an example:
def executionService= ctx.getBean('executionService')
def processInstances= executionService.createProcessInstanceQuery().processDefinitionId('StateSequence-1').list()
def executions = processInstances.collect{
def activeNames= it.findActiveActivityNames()
}

Wednesday, November 04, 2009

JSecurity Mini Guide

This post is a summary on what I learned from my project during I was implementing its security function. The tools and their versions are:
  • Jsecurity 0.9
  • Grails 1.1.1
  • Grails JSecurity Plugin 0.4.1
Maybe the versions of the tools you are using are not the same as me, but I think that is not a big question and migration is not too difficult, ;)
First, let's check grails-jsecurity-plugin. As I said in my last post, this plugin is awesome! If you decide to take jescurity as the fundation of your security function, you should also consider to examine this plugin. Trust me, it will sppeed up your development. Now, it's time to see how to use it:
  1. grails install-plugin jsecurity, or you can download it from http://grails.org/plugin/shiro, then grails install-plugin plugin-path
  2. grails quick-start, this is the simplest way to use this plugin. In this step, you will get 6 security domain classes (including JsecPermission, JsecRole, JsecUser, JsecRolePermissionRel, JsecUserPermissionRel and JsecUserRoleRel), a DbRealm(JsecDbRealm), an AuthController and a login page. All of those classes will meet your need at most of time. If you are using ladp, you can try the LadpRealm provided by this plugin, using "grails create-ldap-realm".
  3. grails create-filters filters-name, this filter will inteceptor all the request, if you want to protect something, this is a good place. To protect what you want to keep, you can leaveage the access control dsl made by this plugin:
    • need authentication? accessControll { true }
    • has role? accessControll{ role('admin') }
    • is permitted? accessControll{ permission("${actionName}:${actionName}:${params.id}") }
    At this point, you have implemented an auth controller and a login page, the security domain classes and a request inteceptor, the rest of the work are:
  4. Using the tag lib to enhance your UI.
  5. Configurating WildcardPermission as the permission class of your application. In BootStrap.groovy:
    new JsecPermission(type: 'org.jsecurity.authz.permission.WildcardPermission', possibleActions: '*').save()
    Except WildcardPermission, You also can use AllPermission to represent a permission owned by administrator:
    new JsecPermission(type: 'org.jsecurity.authz.permission.AllPermission', possibleActions: '*').save()
  6. Implementing the CRUD of those security domain classes. Here, I will show you some samples:
    • add user: new JsecUser(username: 'foxgem', passwordHash: new Sha1Hash('foxgem').toHex()).save()
    • add role: new JsecRole(name: 'admin').save()
    • assign a role to a user:
    • def role= JsecRole.get(1)
      def user= JsecUser.get(1)
      new JsecUserRoleRel(role: role, user: user).save()
    • assign a permission to a user:
    • def user= JsecUser.get(1)
      def permission= JsecPermission.get(1)
      // In this sample, the target property is a wildcard permission string, eg: 'controller:action'.
      // Please to check WildcardPermission in JSecurity API document for more information.
      new JsecUserPermissionRel(permission: permission, user: user, target: params.target, actions: '*').save()
Now, you have all the knowledge about grails jsecurity plugin. Next, you should understand the fundation of this plugin - JSecurity. The more you know about it, the more you can do with it. The following diagram shows the key concepts you must know, for more information, please read jsecurity api document.

At the end of this post, I will list some helpful resources: