Using Spring security taglibs in Grails

Posted By : Aditi Jain | 20-Nov-2013

These are GSP tags to support conditional display based on whether the user is authenticated, and/or has the required role to perform a particular action. These tags are in the sec namespace and are implemented in grails.plugins.springsecurity.SecurityTagLib.
 

First, configure and customize Spring Security (refer to http://www.oodlestechnologies.com/blogs/Configuration-and-Customization-of-Spring-Security-in-Grails).


Update grails-app/conf/Config.groovy by adding:


grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/action/controller'
grails.plugins.springsecurity.ui.register.postRegisterUrl = '/action/controller'

ROLES:

Spring Security creates default roles (ROLE_ADMIN, ROLE_USER, ROLE_ANONYMOUS). Spring Security suggests these roles by default because they are used in most applications. However, you are free to define and use custom roles.

Roles are assigned for authentication purposes, to give a person secure access rights on the basis of their role. A user can have multiple roles to indicate various access rights in the application. If a user authenticates successfully but has no granted roles, the plugin grants the user a 'virtual' role, ROLE_NO_ROLES. The user thus satisfies Spring Security's requirements but cannot access secure resources, as you would not associate any secure resources with this role.


The security tags are used in these ways:


ifLoggedIn - Conditional logic tag that executes the tag body only if the user is authenticated and logged in.

    <sec:ifLoggedIn>
        <g:link controller="logout">Logout</g:link>
    </sec:ifLoggedIn>

ifNotLoggedIn - Conditional logic tag that executes the tag body only if the user is not authenticated and not logged in.

    <sec:ifNotLoggedIn>
        <g:link controller='login' action='auth'>Login</g:link>
    </sec:ifNotLoggedIn>

ifAllGranted - Conditional logic tag that executes the tag body only if all of the listed roles are granted.

    <sec:ifAllGranted roles="ROLE_ADMIN,ROLE_USER">
        <input type="submit" id="save-button" value="Save" />
        <input type="button" disabled="disabled" value="Add Note" />
        <input type="submit" id="save-close-button" value="Save and Close" />
    </sec:ifAllGranted>


ifAnyGranted - Conditional logic tag that executes the tag body only if at least one of the listed roles is granted.

    <sec:ifAnyGranted roles='ROLE_ADMIN,ROLE_USER'>
        <input type="submit" id="save-button" disabled="disabled" value="Save" />
        <input type="button" value="Add Note" />
        <input type="submit" id="save-close-button" disabled="disabled" value="Save and Close" />
    </sec:ifAnyGranted>

ifNotGranted - Conditional logic tag that executes the tag body only if none of the listed roles are granted.

    <sec:ifNotGranted roles="ROLE_USER">
        <input type="submit" id="save-button" disabled="disabled" value="Save" />
        <input type="button" value="Add Note" />
        <input type="submit" id="save-close-button" disabled="disabled" value="Save and Close" />
    </sec:ifNotGranted>

loggedInUserInfo - Displays the value of the specified authentication field if logged in. For example, to show the username property:

    <sec:loggedInUserInfo field="username"/>

access - Renders the body if the specified expression evaluates to true or the specified URL is allowed.

    <sec:access expression="hasRole('ROLE_USER')">
        You're a user
    </sec:access>

    <sec:access url="/admin/user">
        <g:link controller='admin' action='user'>Manage Users</g:link>
    </sec:access>
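
These tags only decide what is rendered; the request behind a hidden button or link still has to be authorized on the server. The following is an added example, not code from the original post, of a controller that enforces the same rules as the `ifAllGranted` and `<sec:access url="/admin/user">` snippets above. It assumes Grails 2.x with the spring-security-core 1.x plugin in annotation mode; `AdminController`, its `save` action and the 403 response are hypothetical.

```groovy
// grails-app/controllers/AdminController.groovy
// Hypothetical controller backing the "Manage Users" link and "Save" button shown above.
import grails.plugins.springsecurity.Secured
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

class AdminController {

    // Injected by the spring-security-core plugin.
    def springSecurityService

    // This annotation is the rule that <sec:access url="/admin/user"> evaluates.
    // Without it the tag has nothing to check and the URL stays reachable by
    // anyone who types it, whether or not the link was rendered.
    @Secured(['ROLE_ADMIN'])
    def user() {
        [currentUser: springSecurityService.principal.username]
    }

    // A list of roles in @Secured is satisfied by ANY one of them, which matches
    // <sec:ifAnyGranted>, not <sec:ifAllGranted>. The Save button above is shown
    // only when both roles are held, so the all-of check is repeated here.
    @Secured(['ROLE_ADMIN', 'ROLE_USER'])
    def save() {
        if (!SpringSecurityUtils.ifAllGranted('ROLE_ADMIN,ROLE_USER')) {
            // Reached by a user holding only one of the two roles who submits
            // the form directly, without the button ever being rendered.
            response.sendError(403)
            return
        }
        // Persistence logic would go here (omitted; not part of the original post).
        render 'saved'
    }
}
```

A user with only ROLE_NO_ROLES fails both annotations, and would still see the body of `<sec:ifNotGranted roles="ROLE_USER">`, so that tag should not wrap anything intended for privileged users.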

 

About Author

Aditi Jain

Aditi is a bright Groovy and Grails developer and has worked on the development of various SaaS applications using the Grails framework.
