Using Spring security taglibs in Grails
Posted By : Aditi Jain | 20-Nov-2013
These are GSP tags to support conditional display based on whether the user is authenticated, and/or has the required role to perform a particular action. These tags are in the sec namespace and are implemented in grails.plugins.springsecurity.SecurityTagLib.
Firstly we have to configure and customize the spring security (Refer to http://www.oodlestechnologies.com/blogs/Configuration-and-Customization-of-Spring-Security-in-Grails).
Update grails-app/conf/Config.groovy by adding:
grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/action/controller'
grails.plugins.springsecurity.ui.register.postRegisterUrl = '/action/controller'
ROLES:
Spring Security creates default roles (ROLE_ADMIN, ROLE_USER, ROLE_ANONYMOUS). These roles are suggested by default because most applications need them, but you are free to define and use custom roles.
Roles are assigned for authorization purposes, giving a person access rights to secured resources on the basis of their role. A user can hold multiple roles to represent different access rights within the application. If a user authenticates successfully but has no granted roles, the plugin grants the user a 'virtual' role, ROLE_NO_ROLES. The user thereby satisfies Spring Security's requirement that every authenticated user has at least one authority, but cannot reach any secured resource, because you would never associate a secured resource with this role.
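As an added example (not part of the original post), here is a BootStrap.groovy that creates the default roles together with one custom role and assigns them to a few accounts, including one account that is deliberately left without roles so that it receives the virtual ROLE_NO_ROLES after login. It assumes the User, Role and UserRole domain classes generated by the plugin's s2-quickstart script; the usernames, passwords and the ROLE_EDITOR name are constructed for illustration.

```groovy
// grails-app/conf/BootStrap.groovy (added example, not from the original post)
// Assumes the User, Role and UserRole domain classes generated by s2-quickstart.
class BootStrap {

    def init = { servletContext ->
        // Default roles from the post, plus one custom role (constructed name) for this app
        def adminRole  = Role.findOrSaveByAuthority('ROLE_ADMIN')
        def userRole   = Role.findOrSaveByAuthority('ROLE_USER')
        def editorRole = Role.findOrSaveByAuthority('ROLE_EDITOR')

        // Constructed sample accounts; real credentials belong in external config, not in source.
        // The generated User class encodes the password in beforeInsert().
        def admin  = User.findByUsername('admin')  ?: new User(username: 'admin',  password: 'changeme', enabled: true).save(failOnError: true)
        def editor = User.findByUsername('editor') ?: new User(username: 'editor', password: 'changeme', enabled: true).save(failOnError: true)
        def newbie = User.findByUsername('newbie') ?: new User(username: 'newbie', password: 'changeme', enabled: true).save(failOnError: true)

        // A user may hold several roles: admin gets both ROLE_ADMIN and ROLE_USER
        if (!UserRole.get(admin.id, adminRole.id))   UserRole.create(admin, adminRole, true)
        if (!UserRole.get(admin.id, userRole.id))    UserRole.create(admin, userRole, true)

        // editor holds only the custom role
        if (!UserRole.get(editor.id, editorRole.id)) UserRole.create(editor, editorRole, true)

        // newbie is given no roles on purpose: after login the plugin grants the virtual
        // ROLE_NO_ROLES, so tags such as <sec:ifAnyGranted roles="ROLE_USER"> stay hidden
        // and no secured URL is reachable until an administrator assigns a real role.
        assert !UserRole.findAllByUser(newbie)
    }
}
```

Because ROLE_NO_ROLES is never mapped to any URL or tag in the application, an account in the newbie state is authenticated but effectively locked out, which is the safe default the post describes.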
The security tags are used as follows:
ifLoggedIn - Conditional logic tag that executes the tag body only if the user is authenticated (logged in).
<sec:ifLoggedIn>
    <g:link controller="logout">Logout</g:link>
</sec:ifLoggedIn>
ifNotLoggedIn - Conditional logic tag that executes the tag body only if the user is not authenticated (not logged in).
<sec:ifNotLoggedIn>
    <g:link controller='login' action='auth'>Login</g:link>
</sec:ifNotLoggedIn>
ifAllGranted - Conditional logic tag that executes the tag body only if all of the listed roles are granted.
<sec:ifAllGranted roles="ROLE_ADMIN,ROLE_USER">
    <input type="submit" id="save-button" value="Save" />
    <input type="button" disabled="disabled" value="Add Note" />
    <input type="submit" id="save-close-button" value="Save and Close" />
</sec:ifAllGranted>
ifAnyGranted - Conditional logic tag that executes the tag body only if at least one of the listed roles is granted.
<sec:ifAnyGranted roles='ROLE_ADMIN,ROLE_USER'>
    <input type="submit" id="save-button" disabled="disabled" value="Save" />
    <input type="button" value="Add Note" />
    <input type="submit" id="save-close-button" disabled="disabled" value="Save and Close" />
</sec:ifAnyGranted>
ifNotGranted - Conditional logic tag that executes the tag body only if none of the listed roles are granted.
<sec:ifNotGranted roles="ROLE_USER">
    <input type="submit" id="save-button" disabled="disabled" value="Save" />
    <input type="button" value="Add Note" />
    <input type="submit" id="save-close-button" disabled="disabled" value="Save and Close" />
</sec:ifNotGranted>
loggedInUserInfo - Displays the value of the specified authentication field if the user is logged in. For example, to show the username property:
<sec:loggedInUserInfo field="username"/>
access - Renders the body if the specified expression evaluates to true, or if access to the specified URL is allowed.
<sec:access expression="hasRole('ROLE_USER')">
    You're a user
</sec:access>
<sec:access url="/admin/user">
    <g:link controller='admin' action='user'>Manage Users</g:link>
</sec:access>
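The tags above only decide which markup is rendered; they do not stop a request that is sent directly to the URL behind a hidden button or link, so the controller serving those actions must enforce the same roles. As an added example (not code from the original post or from the plugin), the following controller secures the actions behind the Save and Add Note buttons with the plugin's @Secured annotation and SpringSecurityUtils helpers from the grails.plugins.springsecurity package named in the post, and the view fragment that pairs with it is shown in a trailing comment. The NoteController name, its actions, and the Note domain class are assumptions.

```groovy
// grails-app/controllers/NoteController.groovy (added example, not from the original post)
// Assumed: NoteController with list/addNote/save actions and a Note domain class.
import grails.plugins.springsecurity.Secured
import grails.plugins.springsecurity.SpringSecurityUtils

// Class-level rule: every action needs a fully authenticated user. An anonymous
// request (ROLE_ANONYMOUS) is sent to the login page instead of the action.
@Secured(['IS_AUTHENTICATED_FULLY'])
class NoteController {

    // Backs the page on which <sec:ifLoggedIn> shows the Logout link: any logged-in user,
    // including one that only holds the virtual ROLE_NO_ROLES, may list notes.
    def list() {
        [notes: Note.list(), username: SpringSecurityUtils.securityContext?.authentication?.name]
    }

    // Backs "Add Note", rendered inside <sec:ifAnyGranted roles="ROLE_ADMIN,ROLE_USER">.
    // A role list in @Secured is any-of, exactly like ifAnyGranted.
    @Secured(['ROLE_ADMIN', 'ROLE_USER'])
    def addNote() {
        [note: new Note(params)]
    }

    // Backs "Save", rendered inside <sec:ifAllGranted roles="ROLE_ADMIN,ROLE_USER">.
    // @Secured cannot express all-of, so the action repeats the tag's check itself
    // with the same comma-separated role list; the annotation still blocks users
    // who hold neither role before the action body runs.
    @Secured(['ROLE_ADMIN', 'ROLE_USER'])
    def save() {
        if (!SpringSecurityUtils.ifAllGranted('ROLE_ADMIN,ROLE_USER')) {
            render(status: 403, text: 'Forbidden')
            return
        }
        def note = new Note(params)
        if (!note.save()) {
            render(view: 'edit', model: [note: note])
            return
        }
        redirect(action: 'list')
    }
}

/* grails-app/views/note/edit.gsp (fragment): the view side of the same rules.

<sec:ifNotLoggedIn>
    <g:link controller="login" action="auth">Login</g:link>
</sec:ifNotLoggedIn>
<sec:ifLoggedIn>
    <p>Signed in as <sec:loggedInUserInfo field="username"/></p>
    <g:form controller="note" action="save">
        <sec:ifAllGranted roles="ROLE_ADMIN,ROLE_USER">
            <input type="submit" value="Save"/>
        </sec:ifAllGranted>
        <sec:ifAnyGranted roles="ROLE_ADMIN,ROLE_USER">
            <g:link action="addNote">Add Note</g:link>
        </sec:ifAnyGranted>
        <sec:ifAllGranted roles="ROLE_NO_ROLES">
            <p>Your account has no roles yet; ask an administrator.</p>
        </sec:ifAllGranted>
    </g:form>
    <g:link controller="logout">Logout</g:link>
</sec:ifLoggedIn>
*/
```

The pairing matters in both directions: a button hidden by a sec tag but backed by an unsecured action is an authorization gap, and an action that is secured but whose link is shown to everyone just produces confusing 403 responses. Keeping the role list in the annotation identical to the one in the tag is the simplest way to keep the two in step.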
About Author
Aditi Jain
Aditi is a bright Groovy and Grails developer and has worked on the development of various SaaS applications using the Grails framework.