Vishesh Duggar

Founder @ CauseCode. Startup tech guy with a keen interest in product development and usability. Interested in working on high impact ideas.

There are some obvious benefits to writing custom code versus using a plugin. With a plugin you get a lot of things off the shelf rather than writing them yourself. But there is always the risk of adding more bloat to your code base than is needed, along with the debugging and bug fixes that come with it. Using something as mature as Spring Security has its unique advantages, and in my experience it is a very extensible family of plugins that has received the most love from the Grails community.

1. Basic Authentication and User Management

If you are involved with writing multiple apps, you will appreciate how easy it is these days to get an app running with basic user management and authentication across various platforms, and Grails is no different. You could set up Spring Security Core and Spring Security UI in around 30 minutes.

  • Certificate X509 authentication
  • Remember-Me Cookie configurations
  • Ajax authentication
  • Password Hashing
  • Salted Password

All out of the box!

2. Multiple ways to protect an endpoint

Request mappings

You can configure request mappings to secure URLs:

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
	'/':               ['permitAll'],
	'/index':          ['permitAll'],
	'/index.gsp':      ['permitAll'],
	'/assets/**':      ['permitAll'],
	'/**/js/**':       ['permitAll'],
	'/**/css/**':      ['permitAll'],
	'/**/images/**':   ['permitAll'],
	'/**/favicon.ico': ['permitAll']
]

Annotate an endpoint directly

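To protect a single endpoint, add the annotation to the controller action:

import grails.plugin.springsecurity.annotation.Secured

// Only users holding ROLE_ADMIN can reach this action
@Secured(['ROLE_ADMIN'])
def index() {
	render 'you have ROLE_ADMIN'
}

If you want to restrict the entire controller, add the annotation to the class instead:

// Every action in this controller requires ROLE_ADMIN
@Secured(['ROLE_ADMIN'])
class SecureController {
}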

3. Utility code that just shouldn’t be written

SpringSecurityService and SpringSecurityUtils let you do things like:

  • Get basic details of the current user (because you don’t want to load the entire user object every time you want to deal with the current user).
  • Load current user
  • Check if the user has a particular role or does not have a particular role
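
The three helpers listed above, combined in one controller. This is an added example, not code from the original post: `InvoiceController`, the `Invoice` domain class and its `ownerId` property are hypothetical, and it assumes the plugin's default user details service, whose principal carries the user's `id`.

```groovy
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.annotation.Secured

// Hypothetical controller and domain class (Invoice with an ownerId property),
// used only to illustrate the helpers.
// A user holding either of the listed roles may call these actions.
@Secured(['ROLE_USER', 'ROLE_ADMIN'])
class InvoiceController {

    // Injected by Grails
    def springSecurityService

    def show(Long id) {
        Invoice invoice = Invoice.get(id)
        if (!invoice) {
            render status: 404
            return
        }

        // Basic details of the current user: the principal is held in the
        // security context, so reading its id needs no database query.
        def principal = springSecurityService.principal

        // The annotation only checks the role. Ownership still has to be
        // checked per object: a plain user may read only their own invoices,
        // while an admin may read any.
        boolean isOwner = invoice.ownerId == principal.id
        boolean isAdmin = SpringSecurityUtils.ifAllGranted('ROLE_ADMIN')
        if (!isOwner && !isAdmin) {
            render status: 403
            return
        }
        render view: 'show', model: [invoice: invoice]
    }

    def profile() {
        // Load the full user domain instance only when fields that are not
        // on the principal are needed.
        def user = springSecurityService.currentUser
        render view: 'profile', model: [user: user]
    }
}
```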

4. Switch or operate as a different user

It can be configured to allow admins to switch user accounts while they are on the app. This is especially helpful while debugging, since you can see exactly what the other user is seeing without asking for their password.

5. Allows you to have a notion of Group

This makes it easier to give a group of users a set of authorities.

6. Close to 15 plugins make it easier to extend your authentication needs
