SpringOne 2GX Sample Apps – Spring Security Basic Auth Login

This is the third in a series of posts making the demo applications that I used for my SpringOne 2GX presentations available. I’ll describe here how to create a Grails application using the Spring Security plugin that authenticates users with HTTP Basic Auth. This was used in the Demystifying Spring Security in Grails talk (you can download the presentation here).

Also refer to the plugin documentation for other tutorials here.

To create an application that authenticates users using HTTP Basic Auth, run

grails create-app springone2gx_basic
cd springone2gx_basic

To make classpath management simpler in Eclipse/STS I create a grails-app/conf/BuildConfig.groovy (in Grails 1.1 apps; in 1.2 this is done for you) with the line


to keep plugins in the project root like in 1.0.x but this is optional.

Next install the plugin:

grails install-plugin acegi

Run the create-auth-domains script to generate the person, authority, and request map domain classes and also grails-app/conf/SecurityConfig.groovy:

grails create-auth-domains com.burtbeckwith.springone2gx.User com.burtbeckwith.springone2gx.Role com.burtbeckwith.springone2gx.Requestmap

The other two scripts that the plugin provides are optional and create CRUD pages (generate-manager) and basic user registration (generate-registration). It’s a good idea to run generate-manager; run generate-registration if it’s useful to you.

grails generate-manager

Unlike the previous two posts, we’ll use database Requestmap entries to secure the application in grails-app/conf/SecurityConfig.groovy:

security {

   active = true

   loginUserDomainClass = 'com.burtbeckwith.springone2gx.User'
   authorityDomainClass = 'com.burtbeckwith.springone2gx.Role'
   requestMapClass = 'com.burtbeckwith.springone2gx.Requestmap'

In Eclipse or STS the steps to configure the classpath are:

  • add PLUGIN_DIR/src/groovy as a source folder
  • add PLUGIN_DIR/src/java as a source folder
  • add PLUGIN_DIR/grails-app/services as a source folder
  • add these jars from PLUGIN_DIR/lib
    • facebook-java-api-2.0.4.jar
    • jcifs-1.2.25.jar
    • spring-ldap-1.2.1.jar
    • spring-ldap-tiger-1.2.1.jar
    • spring-security-core-2.0.4.jar
    • spring-security-core-tiger-2.0.4.jar
    • spring-security-ntlm-2.0.4.jar
    • spring-security-openid-2.0.4.jar

Having done all that, let’s create a secured controller:

grails create-controller secure

but we omit annotations since we’re using Requestmaps:

class SecureController {

   def index = {
      render 'Secure access only'

Let’s create a user and a request map entry in BootStrap:

import com.burtbeckwith.springone2gx.Requestmap
import com.burtbeckwith.springone2gx.Role
import com.burtbeckwith.springone2gx.User

class BootStrap {

   def passwordEncoder

   def init = { servletContext ->

      def adminRole = new Role(description: 'Admin', authority: 'ROLE_ADMIN').save()
      String password = passwordEncoder.encodePassword('p4ssw0rd', null)
      def user = new User(username: 'admin', userRealName: 'me', passwd: password,
            enabled: true, email: 'admin@admin.com').save()
      adminRole.addToPeople user

      new Requestmap(url: '/secure/**',
                     configAttribute: 'ROLE_ADMIN').save(flush: true)

   def destroy = {}

Next lets configure Basic auth. We enable Basic auth using the basicProcessingFilter attribute and need to set a realm name:

security {

   active = true

   loginUserDomainClass = 'User'
   authorityDomainClass = 'Role'
   requestMapClass = 'Requestmap'
   basicProcessingFilter = true
   realmName = 'springone2gx'

There’s a small bug in the plugin (which will be fixed in the next release) that requires a tweak in grails-app/conf/spring/resources.groovy:

import org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint

beans = {
   authenticationEntryPoint(BasicProcessingFilterEntryPoint) {
      realmName = 'springone2gx'

The realm name has to match the value specified in SecurityConfig.groovy.

Start the app using

grails run-app

and open http://localhost:8080/springone2gx_basic/secure/ in a browser and it should prompt you to login with a familiar browser popup – use the username and password from the user created in BootStrap to login.

You can download a finished application based on this discussion here

Comments are closed.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.