Archive for December, 2011

This Week in Grails (2011-51)

Tuesday, December 27th, 2011

This week was a bit quieter than last – it’d be hard to top the release of Grails 2.0. Things seem to be going very well with a few bumps, and the consensus seems to be that people are psyched about the new release.

The Groovy team released Groovy 1.8.5 and 2.0 Beta 2. Looks like Invoke Dynamic support, Static Type Checking and initial work on static compilation are coming along.

If you’re in the Boston area, I’ll be doing a talk at NEJUG on January 12th on what’s new in Grails 2.0 and Groovy 1.8.


If you want to keep up with these “This Week in Grails” posts you can access them directly via their category link or in an RSS reader with the feed for just these posts.


Translations of this post:



Plugins

There were 3 new plugins released:

  • feature-toggle version 0.1. The feature toggles plugin provides Tag Libraries and dynamic methods to implement configurable features
  • mahout-recommender version 0.5.1. Use Apache Mahout recommendation algorithms in your project
  • quick-input version 0.1.1. Provides new input tags supporting some mass input capabilities

and 16 updated plugins:

  • activiti version 5.8.1. Integrates the Activiti BPM Suite and workflow system
  • address-lookup-zpfour version 0.1.2. Provides address lookup service and tags so you can easily add address lookups to your web app if you have a ZP4 HTTPSERV service from Semaphore corp running on your network
  • browser-detection version 0.3.2. Provides a service and tag library for browser detection
  • bulkload version 0.1.1. Export or bulkload all the instances of a given class from the client browser
  • cloud-bees version 0.5.4. Adds scripts to integrate with the CloudBees client API
  • constraints version 0.7.0. Allows you to create custom domain Constraints for validating Domain objects
  • geb version 0.6.2. Geb is a library for headless web browsing on the JVM, suitable for automation and functional web testing
  • greenmail version 1.3.1. Provides a wrapper around GreenMail and provides a view that displays ‘sent’ messages – useful for testing
  • joda-time version 1.3.1. Integrates the Joda Time date/time library into Grails
  • mail version 1.0. Send email from your application
  • modernizr version 2.0.6. Provides the Modernizr Javascript library resource files from http://www.modernizr.com/
  • new-doc version 0.3.2. A backport of the additional functionality offered in the doc command in Grails 2.0.x
  • sanitizer version 0.7.1. Sanitizes markup(HTML, XHTML, CSS) using OWASP AntiSamy Filters
  • spring-security-facebook version 0.5.3. Plugin for Facebook Authentication, as extension to Grails Spring Security Core plugin
  • spring-security-saml version 1.0.0.M10. SAML 2.x support for the Spring Security Plugin
  • struts-menu version 1.2.1. Basic Grails wrapper for Struts Menu

Interesting Tweets

Jobs



User groups and Conferences


This Week in Grails (2011-50)

Tuesday, December 20th, 2011

The big news this week was the release of Grails 2.0. It took longer than expected since we were waiting on the final release of Spring 3.1 but it’s finally out and the response has been great so far. There are a ton of cool new features, usability improvements and fixes. Check out Peter’s screencast on the new usability features.

We also announced support for deploying Grails applications on Heroku. The heroku plugin makes it simple to deploy a 1.3.7 or 2.0 app that auto-reconfigures your settings for the DataSource, Mongo, Redis, Memcached, and RabbitMQ depending on which services are provisioned for the application.

STS 2.9.0.M1 was released along with Groovy-Eclipse 2.6.0. Check out the New and Noteworthy features – it’s a long list.


If you want to keep up with these “This Week in Grails” posts you can access them directly via their category link or in an RSS reader with the feed for just these posts.


Translations of this post:



Plugins

There were 5 new plugins released:

  • bulkload version 0.1. Export or bulkload all the instances of a given class from the client browser
  • sendgrid version 0.1. Allows the sending of Email via SendGrid’s services
  • spring-security-radius version 1.0.0. RADIUS support for the Spring Security plugin
  • heroku version 1.0. Integrates Heroku’s cloud platform
  • raphael version 2.0.1. Provides the JavaScript Vector Library Raphaël – cross-browser vector graphics the easy way

and 18 updated plugins:

  • build-test-data version 1.1.2. Enables the easy creation of test data by automatic inspection of constraints
  • cloud-bees version 0.5.2. Adds scripts to integrate with the CloudBees client API
  • cloud-support version 1.0.8. Support plugin to help cloud plugins update service provider connection information from the cloud environment
  • csv version 0.3.1. Easily parse and consume comma-separated values (CSV) from a number of input sources
  • memcached version 1.0.3.2. Helps integrate Memcached as the Hibernate 2nd-level cache provider
  • mongodb version 1.0.0.RC3. Aims to provide an object-mapping layer on top of MongoDB
  • redis version 1.1. Provides integration with a Redis datastore
  • redis-gorm version 1.0.0.M8. Integrates the Redis key/value datastore into Grails, providing a GORM-like API onto it
  • release version 1.0.0. Publishes Grails plugins either to a public or private repository
  • remote-control version 1.2. Execute code inside a remote Grails application
  • remote-pagination version 0.2.8. Provides tags for pagination and to sort columns without page refresh using Ajax and loads only the list of objects needed
  • resources version 1.1.6. A resource management and processing framework
  • riak version 1.0.0.M4. GORM for the Riak NoSQL datastore
  • spring-security-facebook version 0.5. Plugin for Facebook Authentication, as extension to Grails Spring Security Core plugin
  • svn version 1.0.1. Provides SVNKit as a dependency; an SvnClient class that makes it easier to work with Subversion; and integration with the Release plugin
  • translate version 1.2. Translates text from one language to another using the Google Translate API
  • twitter-bootstrap version 1.4.0.13. Twitter Bootstrap CSS framework resource files
  • uploadr version 0.5.6. HTML5 Drag and Drop file uploader

Interesting Tweets

Jobs



User groups and Conferences


This Week in Grails (2011-49)

Tuesday, December 13th, 2011

This week’s big event was the 5th annual Groovy & Grails eXchange at Skills Matter in London. With two tracks and over 20 talks there was a lot going on, and having concurrent tracks meant making some touch choices in a couple of slots about which talk to attend. But luckily Skills Matter is great about recording talks and were cranking them out in record time – announcing most published talks during the session that followed them. Click through to the talk abstracts in the conference schedule to get to each of the videos.

Next year’s conference has already been announced; it will be December 12th and 13th. The first 50 tickets are only £95, so what are you waiting for?

My talk was an intermediate/advanced Spring Security plugin talk – see it here and check out the corresponding blog post for the slides and sample application.

Like any conference there was a lot of Twitter activity; here are some of the ones I found interesting:

p.s. this is the 1st anniversary of the beginning of this series – I know it’s trite to say, but I can’t believe it’s been a year already.


If you want to keep up with these “This Week in Grails” posts you can access them directly via their category link or in an RSS reader with the feed for just these posts.


Translations of this post:



Plugins

There was 1 new plugin released:

  • marshallers version 0.1. Easy registration and usage of custom XML and JSON marshallers supporting hierarchical configurations

and 9 updated plugins:

  • cloud-bees version 0.5. Adds scripts to integrate with the CloudBees client API
  • dojo version 1.6.1.3. Integrates the Dojo javascript toolkit
  • jquery version 1.7.1. Integrates jQuery
  • proxool version 0.9.1.5. Proxool jdbc connection pool plugin
  • redis version 1.1. Provides integration with a Redis datastore
  • resources version 1.1.4. A resource management and processing framework
  • viaboxx-dbmigrate version 1.3.1. Setup and migrate the database of your project
  • webxml version 1.4.1. Add additional features to your web.xml, such as Filters, Config Listeners or Context Parameter definitions
  • weceem version 1.1.2. A content management system

Interesting Tweets

Jobs



User groups and Conferences


“Hacking the Grails Spring Security Plugin” at Groovy & Grails Exchange

Friday, December 09th, 2011

I gave a talk at the Groovy & Grails Exchange in London called “Hacking the Grails Spring Security Plugin”. I didn’t want to spend a lot of time discussing the sample app code since there was a lot of material to cover, so I’m making the code available here with a brief discussion of the implementation.


To support a custom login where the user’s organization must be specified in addition to the standard username and password, there’s a custom AuthenticationProvider (hacking.extralogin.auth.OrganizationAuthenticationProvider) which processes a subclass of UsernamePasswordAuthenticationToken (hacking.extralogin.OrganizationAuthentication) that adds an organizationName property, and a filter (hacking.extralogin.ui.OrganizationFilter) that creates the authentication from the request and initiates authentication.

In this example all authentication uses this approach, so the filter replaces the standard "authenticationProcessingFilter" bean (and subclasses the plugin’s RequestHolderAuthenticationFilter to maintain its functionality) and the provider replaces the "daoAuthenticationProvider" bean. The provider directly implements the AuthenticationProvider interface since using GORM directly is simple enough to not need to delegate to a UserDetailsService or other helper classes.

You can see the bean registrations for the filter and provider in grails-app/conf/spring/resources.groovy.

Note that the auth provider and filter are in separate packages to reinforce the idea that auth providers shouldn’t be aware of the UI. The filters that call the auth providers create an Authentication instance with all of the information that’s needed to authenticate, getting most or all of the data from the HTTP request. This keeps the auth providers modular and reusable outside of a web application.

No changes are required for the generated User, Role, or UserRole classes, but a new domain class Organization is needed to store the organization names, and OrgUser is needed to provide a link between users and organizations. auth.gsp has an extra input, a <select> box with all available Organization names.

If you request http://localhost:8080/hacking_london/secure you should see the text “not secured” since the index action is not guarded. But navigating to http://localhost:8080/hacking_london/secure/admin requires a user with ROLE_ADMIN, http://localhost:8080/hacking_london/secure/user requires a user with ROLE_USER, and http://localhost:8080/hacking_london/secure/adminOrUser requires a user with either ROLE_ADMIN or ROLE_USER. You can use one of the users created in BootStrap.groovy:

username Organization name password Role
admin Org1 password ROLE_ADMIN
user Org2 password ROLE_USER
disabled Org1 password ROLE_USER

There’s an extra user (“disabled”) with a disabled account to test that login fails with a correct username, org name, and password.

We also need to tweak an error message. The plugin’s i18n message bundle will display the error “Sorry, we were not able to find a user with that username and password” if the username, password, or organization are wrong. But we should include the organization in the message to indicate that it might have been wrong. To fix this, add this line to your application’s grails-app/i18n/messages.properties: springSecurity.errors.login.fail=Sorry, we were not able to find a user with that username, organization, and password.

To test this, log in as user ‘user’ with password ‘password’ but leave the organization name selected as ‘Org1’.

Note that since we’re not using the plugin’s UserDetailsService or Spring Security’s DaoAuthenticationProvider we don’t need the grails.plugins.springsecurity.userLookup.userDomainClassName, grails.plugins.springsecurity.userLookup.authorityJoinClassName, or
grails.plugins.springsecurity.authority.className properties added to Config.groovy by the s2-quickstart script. They’re commented out so you can switch back to the standard authentication approach by removing or commenting out the bean overrides in resources.groovy and the organization select box in auth.gsp.


The other significant customization I discussed was doing a custom post-logout redirect. It is possible to specify a spring-security-redirect request parameter when logging out, but this is too coarse an approach in general. If you need to use logic specific to the user, or something about the current authentication state, you need more control. So the sample application subclasses the default implementation of LogoutSuccessHandler, SimpleUrlLogoutSuccessHandler with hacking.logout.CustomLogoutSuccessHandler and registers it as the logoutSuccessHandler bean in resources.groovy.

The logic is contrived; if you’re in Organization ‘Org1’ you’re redirected to ‘http://yahoo.com’ and if you’re in Organization ‘Org2’ you’re redirected to ‘http://google.com’. Otherwise you’re redirected to the default location (‘/’ unless you’ve customized it with the grails.plugins.springsecurity.successHandler.defaultTargetUrl config attribute). But it shows an example of how you could use your own business logic to make a similar decision.

There’s one wrinkle here though; the only parameters for the overridden determineTargetUrl method are the HttpServletRequest and HttpServletResponse, but not the Authentication. And since this is the last step of the logout process, the user has already been logged out and the Authentication isn’t available from the request, springSecurityService, SecurityContextHolder, etc. But the public method (onLogoutSuccess) that calls this method has a parameter for the Authentication, so we save it in a ThreadLocal so it’s available for our override.


You can get the PDF of the presentation here, and the zip of the sample project here.

This Week in Grails (2011-48)

Monday, December 05th, 2011

There were some blocking issues in the 2.0 RC2 release, so we released RC3 on Friday. Please test this release – a lot of issues have been fixed and we’d like to make sure the 2.0 final release is as stable as possible.

Marc Palmer and I had some fun this week releasing and re-releasing the resources and spring-security-core plugins. Both plugins add filters to web.xml that need to be in particular positions, and if both were installed they would interfere with each other. So I added a feature to the webxml to handle filter-mapping reordering. There were some issues along the way but the latest versions should work well together.

If you haven’t gotten your ticket yet for the Groovy & Grails eXchange time is running out – it’s this week! I’ll be doing a new talk, “Hacking the Spring Security Plugin”, which will go into the details of how the plugin works and approaches you should use to customize its behavior and debug issues.


If you want to keep up with these “This Week in Grails” posts you can access them directly via their category link or in an RSS reader with the feed for just these posts.


Translations of this post:



Plugins

There were no new plugins released but 18 updated:

  • activiti version 5.8. Integrates the Activiti BPM Suite and workflow system
  • browser-detection version 0.3.1. Provides a service and tag library for browser detection
  • console-enhancements version 0.5. Enhances the grails console output for better visibility
  • cxf-client version 1.2.3. Use existing (or new) Apache CXF wsdl2java generated content to invoke SOAP services
  • gemfire version 1.0.0.M5. The GemFire plugin provides integration with the GemFire in-memory distributed data management platform.
  • grails-melody version 1.10. Integrates the JavaMelody system monitoring tool
  • gwt version 0.6.1. Incorporates GWT into Grails
  • mongodb version 1.0.0.RC2. Aims to provide an object-mapping layer on top of MongoDB
  • mongodb-morphia version 0.7.6. Alternative MongoDB GORM based on the Morphia library (former gorm-mongodb)
  • remote-pagination version 0.2.7. Provides tags for pagination and to sort columns without page refresh using Ajax and loads only the list of objects needed
  • resources version 1.1.3. A resource management and processing framework
  • rich-domain version 1.0.5. Provides dependency injection for POGOs that are not Grails domain classes
  • routing version 1.1.2. Send and route messages to a wide variety of destination endpoints directly from your Controllers and Services using Camel
  • spring-security-core version 1.2.6. The official Grails security plugin; integrates with Spring Security
  • spring-security-facebook version 0.4. Plugin for Facebook Authentication, as extension to Grails Spring Security Core plugin
  • spring-security-saml version 1.0.0.M9. SAML 2.x support for the Spring Security Plugin
  • uploadr version 0.5.5. HTML5 Drag and Drop file uploader
  • webxml version 1.4. Add additional features to your web.xml, such as Filters, Config Listeners or Context Parameter definitions

Interesting Tweets

Jobs



User groups and Conferences



Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.