ACEGI (Spring) Security, HTTPS, and Grails
{ Dan Stieglitz // Groovy/Grails // May 30, 2008 }
I had a requirement in a recent project to have all logins handled by HTTPS, and I wanted to implement this using Grails 1.0.2 with the acegi-plugin. There seemed to be a number of issues with the plugin, specifically with some package names and configuring the ACEGI channel selectors. Of note is that the package names have changed in the ACEGI-Spring migration; for example, packages org.acegisecurity.util... and org.acegisecurity.securechannel... have become org.springframework.security.util and org.springframework.security.securechannel, respectively. I didn't find this reflected in the online documentation for either Spring Security or Grails, at least not yet.
Steps to Configure HTTPS Channels
First, install the acegi plugin.
Next, configure the channel filter in the web.xml file. This requires us to install the Grails templates, which contain the web.xml template Grails uses to produce the deployed web.xml.
    grails install-templates
will do the trick. Navigate to src/templates/war and add the filter to the web.xml template there:
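    <filter>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <filter-class>org.springframework.security.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>org.springframework.security.securechannel.ChannelProcessingFilter</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>Acegi Channel Processing Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>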
Now, when we build our application, this filter will be configured in our deployed web.xml.
The final step is to set up the Spring beans, and this is done using the Grails DSL for configuring Spring beans (the SpringBuilder). A great reference on the SpringBuilder can be found in the Grails documentation online (http://grails.org/Spring+Bean+Builder). The code should be put into your grails-app/conf/spring/resources.groovy file (the entire file is reproduced here):
    import org.springframework.security.securechannel.ChannelProcessingFilter
    import org.springframework.security.securechannel.ChannelDecisionManagerImpl
    import org.springframework.security.securechannel.SecureChannelProcessor
    import org.springframework.security.securechannel.InsecureChannelProcessor

    beans = {
        // Handles REQUIRES_SECURE_CHANNEL: redirects plain HTTP requests to HTTPS
        secureChannelProcessor(SecureChannelProcessor)
        // Handles REQUIRES_INSECURE_CHANNEL: redirects HTTPS requests to HTTP
        insecureChannelProcessor(InsecureChannelProcessor)

        channelDecisionManager(ChannelDecisionManagerImpl) {
            channelProcessors = [secureChannelProcessor, insecureChannelProcessor]
        }

        // Target bean of the FilterToBeanProxy declared in web.xml.
        // Only URLs under /login/ are forced onto HTTPS; a URL that matches
        // no rule is served on whichever channel the request arrived on.
        channelProcessingFilter(ChannelProcessingFilter) {
            channelDecisionManager = channelDecisionManager
            filterInvocationDefinitionSource = '''
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /login/**=REQUIRES_SECURE_CHANNEL
            '''
        }
    }
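To check which request paths the rule list above covers before deploying it, here is an added example (not from the original post or the plugin): a simplified Python model of how the filterInvocationDefinitionSource text is evaluated. It assumes first-match-wins Ant matching with the query string ignored; the function names and sample paths are constructed for illustration.

```python
import re

# Same rule text as the filterInvocationDefinitionSource property on this page.
RULES = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login/**=REQUIRES_SECURE_CHANNEL
"""

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern to a regex (simplified model)."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out, i = out + "(?:/.*)?", i + 3   # zero or more path segments
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1      # stays inside one segment
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def parse_rules(text):
    """Return (lowercase_flag, [(regex, attribute), ...]) in declaration order."""
    lower, rules = False, []
    for line in (l.strip() for l in text.splitlines()):
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lower = True
        elif "=" in line:
            pattern, attr = line.rsplit("=", 1)
            rules.append((ant_to_regex(pattern.strip()), attr.strip()))
    return lower, rules

def decide(url, secure, text=RULES):
    """Model one request: 'pass', 'redirect-https' or 'redirect-http'."""
    lower, rules = parse_rules(text)
    path = url.split("?", 1)[0]                # query string is not matched
    if lower:
        path = path.lower()
    attr = next((a for rx, a in rules if rx.match(path)), None)  # first match wins
    if attr == "REQUIRES_SECURE_CHANNEL" and not secure:
        return "redirect-https"
    if attr == "REQUIRES_INSECURE_CHANNEL" and secure:
        return "redirect-http"
    return "pass"                              # no rule, or channel already correct
```

Calling decide() with each of the application's URLs shows which ones the channel filter leaves on plain HTTP, which is worth reviewing for any page that carries credentials or a session cookie.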