Vishesh Duggar


There are some obvious benefits to writing custom code versus using a plugin. When you use a plugin you get a lot of things off the shelf rather than writing them yourself. But there is always the risk of adding more bloat to your code base than is needed, plus debugging and, finally, bug fixes. Using something as mature as Spring Security has its unique advantages, and in my experience it is a very extensible family of plugins that has got the most love from the Grails community.

1. Basic Authentication and User Management

If you write multiple apps, you will appreciate how easy it is these days to get an app running with basic user management and authentication across various platforms, and Grails is no different. You could set up Spring Security Core and Spring Security UI in around 30 minutes.

  • Certificate X509 authentication
  • Remember-Me cookie configurations
  • Ajax authentication
  • Password Hashing
  • Salted Password

All out of the box!

2. Multiple ways to protect an endpoint

Request mappings

You can configure request mappings to secure URLs:

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
	'/':               ['permitAll'],
	'/index':          ['permitAll'],
	'/index.gsp':      ['permitAll'],
	'/assets/**':      ['permitAll'],
	'/**/js/**':       ['permitAll'],
	'/**/css/**':      ['permitAll'],
	'/**/images/**':   ['permitAll'],
	'/**/favicon.ico': ['permitAll']
]

Annotate an endpoint directly

Simply add an annotation to a controller action, like

@Secured(['ROLE_ADMIN'])
def index() {
	render 'you have ROLE_ADMIN'
}

to protect one of the endpoints, or, if you want to restrict the entire controller, simply add the annotation to the class

@Secured(['ROLE_ADMIN'])
class SecureController {
	// every action in this controller now requires ROLE_ADMIN
}

3. Utility code that just shouldn’t be written

SpringSecurityService and SpringSecurityUtils let you do things like:

  • Get basic details of the current user (because you don’t want to load the entire user object every time you want to deal with the current user).
  • Load current user
  • Check if the user has a particular role or does not have a particular role
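The three uses listed above, shown in one controller. This is an added example, not code from the original post or from the plugin. The controller, its action names and the roles ROLE_USER and ROLE_SUPPORT are assumptions, and the package names are those of plugin versions that use the `grails.plugin.springsecurity` configuration key shown earlier.

```groovy
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.annotation.Secured

// Hypothetical controller: class name, action names and ROLE_USER / ROLE_SUPPORT are assumptions.
@Secured(['ROLE_USER'])
class AccountController {

	// Injected by name; the bean comes from the Spring Security Core plugin.
	def springSecurityService

	// Basic details: the principal is read from the security context,
	// so the user domain object is not loaded for this request.
	def whoami() {
		def principal = springSecurityService.principal
		def roles = principal.authorities*.authority
		// text/plain so the username is never interpreted as markup
		render(contentType: 'text/plain', text: "user=${principal.username} roles=${roles}")
	}

	// Full domain object: currentUser loads the user instance from the database.
	// Use it only when you need fields that are not on the principal.
	def profile() {
		def user = springSecurityService.currentUser
		render(contentType: 'text/plain', text: "loaded ${user.username} (id ${user.id})")
	}

	// Role checks: each method takes a comma-separated string of role names.
	def dashboard() {
		if (SpringSecurityUtils.ifAllGranted('ROLE_ADMIN')) {
			// user holds every listed role
			render(contentType: 'text/plain', text: 'admin dashboard')
		} else if (SpringSecurityUtils.ifNotGranted('ROLE_ADMIN,ROLE_SUPPORT')) {
			// user holds none of the listed roles
			render(contentType: 'text/plain', text: 'standard dashboard')
		} else {
			// remaining case: has ROLE_SUPPORT but not ROLE_ADMIN
			render(contentType: 'text/plain', text: 'support dashboard')
		}
	}
}
```

These in-code checks only choose what to render. Access to the actions themselves is still decided by the `@Secured` annotation and the request mappings.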

4. Switch or operate as a different user

It can be configured to allow admins to switch user accounts while they are on the app. This is especially helpful while debugging, to see exactly what the other user is seeing without asking for their password.

5. Allows you to have a notion of Group

This makes it easier to give a group of users a set of authorities.

6. Close to 15 plugins make it easier to extend your authentication needs
