
Vishesh Duggar

CTO Software @vamstar. 15 years in tech. Entrepreneurial with a keen interest in product development and usability. Interested in working on high impact ideas.


There are some obvious benefits to writing custom code versus using a plugin. With a plugin you get a lot off the shelf rather than writing it yourself, but there is always the risk of adding more bloat to your code base than is needed, along with extra debugging and, eventually, bug fixes. Something as mature as Spring Security has unique advantages and, in my experience, a very extensible family of plugins that have received the most love from the Grails community.

1. Basic Authentication and User Management

If you write multiple apps, you will appreciate how easy it is these days to get an app running with basic user management and authentication across various platforms, and Grails is no different. You could set up Spring Security Core and Spring Security UI in around 30 minutes.

  • Certificate X509 authentication
  • Remember-Me Cookie configurations
  • Ajax authentication
  • Password Hashing
  • Salted Password

All out of the box!

2. Multiple ways to protect an endpoint

Request mappings

You can configure request mappings to secure URLs:

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
	'/':               ['permitAll'],
	'/index':          ['permitAll'],
	'/index.gsp':      ['permitAll'],
	'/assets/**':      ['permitAll'],
	'/**/js/**':       ['permitAll'],
	'/**/css/**':      ['permitAll'],
	'/**/images/**':   ['permitAll'],
	'/**/favicon.ico': ['permitAll']
]

Annotate an endpoint directly

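Simply add the @Secured annotation (imported from grails.plugin.springsecurity.annotation.Secured) to a controller action, like

@Secured('ROLE_ADMIN')
def index() {
	render 'you have ROLE_ADMIN'
}

to protect a single endpoint. If you want to restrict the entire controller, add the annotation to the class instead:

@Secured('ROLE_ADMIN')
class SecureController {
}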

3. Utility code that just shouldn’t be written

SpringSecurityService and SpringSecurityUtils let you do things like:

  • Get basic details of the current user (because you don’t want to load the entire user object every time you want to deal with the current user).
  • Load current user
  • Check if the user has a particular role or does not have a particular role
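As an added example (not code from the original post), here is a controller that exercises the three uses listed above. AccountController, its action names and ROLE_SUPPORT are assumptions, and the class is meant to live in a Grails app that has Spring Security Core installed:

```groovy
// Added example: hypothetical controller; class, action and ROLE_SUPPORT names are assumed.
package demo

import grails.converters.JSON
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.annotation.Secured

@Secured('isAuthenticated()')        // every action below requires a logged-in user
class AccountController {

    def springSecurityService        // injected by Grails

    // Basic details: read from the principal already held in the security
    // context, so no user object is loaded from the database.
    def whoami() {
        def principal = springSecurityService.principal
        render([username: principal.username,
                roles   : principal.authorities*.authority] as JSON)
    }

    // Load current user: fetches the full domain instance; use it only when
    // you need persisted fields that the principal does not carry.
    def profile() {
        def user = springSecurityService.currentUser
        render([id: user.id, username: user.username] as JSON)
    }

    // Role checks inside an action, evaluated server-side on every request.
    def dashboard() {
        if (SpringSecurityUtils.ifAllGranted('ROLE_ADMIN')) {
            render(contentType: 'text/plain', text: 'admin view')
        } else if (SpringSecurityUtils.ifNotGranted('ROLE_ADMIN,ROLE_SUPPORT')) {
            // user holds neither role
            render(contentType: 'text/plain', text: 'standard view')
        } else {
            render(contentType: 'text/plain', text: 'support view')
        }
    }
}
```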

4. Switch or operate as a different user

It can be configured to allow admins to switch user accounts while they are in the app. This is especially helpful while debugging, since you can see exactly what the other user is seeing without asking for their password.

5. Allows you to have a notion of Group

This makes it easier to give a group of users a set of authorities.

6. Close to 15 plugins make it easier to extend your authentication needs

Close to 15 years in tech; I've served as a CTO and advisor to multiple organizations. Brought close to 20 products to market. As a founding member of multiple organizations I've done everything from tech to strategy, sales, marketing, hiring, accounting and more. Experience in a variety of technologies including but not limited to AWS, Node, React, Serverless, ElasticSearch, Groovy, Java, Typescript, Angular, Grails, PHP, Drupal, Wordpress.

Always interested in looking at new tech, strategy and ways I can add value to organizations.
