ACEGI (Spring) Security, HTTPS, and Grails

{ Dan Stieglitz // Groovy/Grails // May 30, 2008 }

I had a requirement in a recent project to have all logins handled by HTTPS, and I wanted to implement this using Grails 1.0.2 with the acegi-plugin. There seemed to be a number of issues with the plugin, specifically with some package names and configuring the ACEGI channel selectors. Of note are that the package names have changed in the ACEGI-Spring migration, for example, packages org.acegisecurity.util... and org.acegisecurity.securechannel... have become org.springframework.security.util and org.springframework.security.securechannel, respectively. I didn't find this reflected in the online documentation for either Spring Security or Grails, at least not yet.

Steps to Configure HTTPS Channels

First, install the acegi plugin. Next, configure the channel filter in the web.xml file. This requires us to install the grails templates which will contain the web.xml template grails uses to produce the deployed web.xml.

grails install-templates

will do the trick. Navigate to the src/templates/war and add the filter to the web.xml template there:

    
  		Acegi Channel Processing Filter
  		org.springframework.security.util.FilterToBeanProxy
  		
    			targetClass
    			org.springframework.security.securechannel.ChannelProcessingFilter
  		
	
    
    
  		Acegi Channel Processing Filter
  		/*

Now, when we build our application, this filter will be configured in our deployed web.xml. The final step is to set up the spring beans, and this is done using the Grails DSL for configuring Spring beans (the SpringBuilder). A great reference on the SpringBuilder can be found on the Grails documentation online (http://grails.org/Spring+Bean+Builder). The code should be put into yout grails-app/conf/spring/resource.groovy file (the entire file is reproduced here):

import org.springframework.security.securechannel.ChannelProcessingFilter
import org.springframework.security.securechannel.ChannelDecisionManagerImpl
import org.springframework.security.securechannel.SecureChannelProcessor
import org.springframework.security.securechannel.InsecureChannelProcessor

beans = {
	secureChannelProcessor(SecureChannelProcessor)
	insecureChannelProcessor(InsecureChannelProcessor)

	channelDecisionManager(ChannelDecisionManagerImpl) {
		channelProcessors = [secureChannelProcessor, insecureChannelProcessor]
	}

	channelProcessingFilter(ChannelProcessingFilter) {
		channelDecisionManager=channelDecisionManager
		filterInvocationDefinitionSource='''
			  CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
			  PATTERN_TYPE_APACHE_ANT
			  /login/**=REQUIRES_SECURE_CHANNEL
		      '''
	}
}

29 comments

Nice post - this helped me out loads with a http/https mixed app.

One question though - I can get this to work fine under Tomcat when I deploy my app by enabeling the https listner on port 443…

But how do you get jetty to listen on two ports (8080 and 8443 or 80 and 443) in dev mode?

It seems in can run http via run-app or https via run-app-https, but I want it to listen with both.

Martin

Posted by on 11/24 at 08:47 AM

Hey martin, have u found a way for jetty to listen to both 8080 and 8443 ports at the same time?

Posted by Lydon on 03/30 at 01:20 AM

These are separate issues...1 yes you can configure pop3 in Yahoo! as long as you are paying for it and Hotmail will definitely let you. As to the port issue, use a configurable firewall like TinyFirewall and you’re off and running.

Posted by Twitter Backgrounds on 01/02 at 03:55 AM

Every one understands that men’s life is very expensive, but we need money for different things and not every one gets enough money. Thus to get quick credit loans and bank loan should be a right solution.

Posted by GuerraCharmaine on 05/26 at 03:08 PM

It would take very long time to improve a writing technique. But oftentimes, some persons are pressured for time. If you want to save time and have the best quality custom essay order, you would find the modern writing service and buy a essay online there. After that, your success is received.

Posted by RichardsLEONA21 on 05/28 at 05:44 AM

People at shool are trying to reach the success and they purchase the written essays close to this post from the essay writing services, but very oft they require the stuff about writing service.

Posted by DawsonEugenia30 on 05/28 at 06:37 AM

A file system is a method of storing and organizing computer files and their data. Essentially, it organizes these files into a database for the storage.

Posted by icon creation on 06/04 at 01:58 AM

Exhausted of wasting hours for term papers writing? Trouble no more! Buy essay paper at buy a paper service and assure that you have got great quality papers.

Posted by BensonGeraldine28 on 06/06 at 10:52 AM

When https:// is used as the prefix of a Web address rather than the common http://, the session is managed by a security protocol, which is typically SSL, and the transmission is encrypted to and from the Web server. nike air jordan

Posted by on 06/12 at 10:52 PM

It’s not so easy to make a great essay paper, especially if you are booked. I consult you to set buy essays and to be void from distrust that your work will be done by professionals

Posted by Jeanne32Jacobs on 06/14 at 05:04 AM

Very delightful circumstance about this good post, but still this argument is to complicate to considerate.That is why we have directed to create a custom writing service to help determined students. They can buy term paper that is custom and made by professional , buy essay or even buy research paper. But when people use this kind of avail – an ethical question is raised: Is it ok to use these kinds of services? Is it ok to use them, and will you be punished for using them.

Posted by VelmaGill27 on 06/15 at 12:03 PM

Every human all over the our world likes to become original, but does not get know the way to do this. But a lot of guys find the ringtones or just wap ringtones to be original.

Posted by ElmaMyers on 06/15 at 12:03 PM

recently participated in Michael Surkan’s Software Engineering Productivity podcast (http://bit.ly/a3ugQj). On the show I talk about dealing with environments where requirements change rapidly, such as broadcast media environments

Posted by survey scout surveys on 06/16 at 04:24 AM

Grails 1.0.2 is a good program. Thank you… information is cognitive and interesting

Posted by Vova on 06/25 at 12:38 PM

I am looking forward to what else you have to say. Thank for having this blog.

Posted by Magniwork Free Energy Generator on 06/28 at 11:35 PM

Do you have a poor Internet traffic and would like to optimize? Simply look for the social bookmarking submission service, just because it helps.

Posted by MATHISROSEMARIE34 on 07/13 at 07:33 AM

If you like to get a good degree, you should create the properly done science essay. The amazing free essays just about this topic can be a correct guide for custom written essay doing, I do guess.

Posted by Harper25Nancy on 07/13 at 01:23 PM

Good Blog and nice post. Thanks for sharing that kind of information with us.

Posted by Dissertation help on 07/16 at 06:38 PM

Thanks for the information. This is a wonderful post!!

Posted by essay writing on 07/29 at 01:40 AM

This website is really nice and colorful besides.
accident insurance claim

Posted by accident claims on 08/13 at 01:41 PM

This code is what iam expecting for a long time

Thanks for providing it here

Posted by Bankruptcy Attorney on 08/20 at 06:18 AM

Extremely useful and informative article. I wish i can do all of that in a short period of time. But for sure doing those will produce results. I will try to spread your words through my blog and link it back to you. Thanks a lot for those tips.

Posted by Dissertation writing on 08/23 at 11:22 AM

supply in stock and custom lace front wigs, full lace wigs, lace wigs, human hair wigs, remy lace front wigs, cheap wigs, cheap, buy, celebrity
full lace wigs

Posted by cosplay on 08/25 at 01:14 AM

No man is the whole of himself; his friends are the rest of him.
a famous Tiffany Jewelry store which sell directly Tiffany Rings, Necklaces, Errings, Bracelets and other Tiffany Jewellery.
tiffany

Posted by xiaochen on 08/26 at 01:28 AM

Thanks for the info.... Very good.

Posted by essay writing services on 08/26 at 04:05 PM

Add your own comment below.