grails / grails-spring-security-core

Grails Spring Security Core Plugin
Apache License 2.0
261 stars 223 forks source link

Development environment configuration file application-development.groovy not documented #1012

Open snider32 opened 7 months ago

snider32 commented 7 months ago

Expected Behavior

I expected application.groovy to be adequate for a development environment build, with environment blocks withing that file to distinguish code intended specifically for a build.

Actual Behaviour

It turns out that application.groovy is ignored for a development environment build, and an application-development.groovy file is required instead. I was not able to find any documentation about this - certainly not in the Spring Security Core Plugin - Reference Documentation. I've spent an awful lot of time chasing what was going on.

Steps To Reproduce

Using a gradle.properties file with org.gradle.jvmargs=-Dfile.encoding=UTF-8 -Xmx1024M -Dgrails.env=dev

Environment Information

MacOS 12.7.4 grailsVersion=5.3.6 groovyVersion=3.0.11 org.grails.plugins:spring-security-core:5.3.0 jdk-17.jdk IntelliJ IDEA 2023.2.6 (Ultimate Edition)

Example Application

No response

Version

5.3.6

matrei commented 7 months ago

Hi @snider32, can you double-check that you have spelled everything correct in your application.groovy file? It works fine for me to use the environments block in application.groovy.

// grails-app/conf/application.groovy
environments {
    development {
        my.message = 'Hello, Development!'
    }
    production {
        my.message = 'Hello, Production!'
    }
}
// grails-app/init/g533app/Bootstrap.groovy
package g533app

import grails.core.GrailsApplication

class BootStrap {

    GrailsApplication grailsApplication

    def init = { servletContext ->
        println grailsApplication.config.getProperty('my.message', String, 'No message found!')
    }
}
snider32 commented 7 months ago

Hi matrei, Thanks for giving it a look. Maybe a different pair of eyes will see something I don't. Here's my last iteration of application.groovy before successfully using application-development.groovy (with my comments stripped):

grails.plugin.springsecurity.roleHierarchy = ''' ROLE_MPSTRUC_ADMIN > ROLE_MPSTRUC_EDIT ROLE_MPSTRUC_EDIT > ROLE_PROTO_MPSTRUC_ADMIN ROLE_PROTO_MPSTRUC_ADMIN > ROLE_PROTO_MPSTRUC_EDIT ''' grails.plugin.springsecurity.userLookup.userDomainClassName = 'blancousers2.BlancoUser' grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'blancousers2.BlancoUserBlancoRole' grails.plugin.springsecurity.authority.className = 'blancousers2.BlancoRole'

grails.plugin.springsecurity.rejectIfNoRule = true grails.plugin.springsecurity.fii.rejectPublicInvocations = false

grails.plugin.springsecurity.controllerAnnotations.staticRules = [ [pattern: '/', access: ['permitAll']], [pattern: '/', access: ['permitAll']], [pattern: '/error', access: ['permitAll']], [pattern: '/index', access: ['permitAll']], [pattern: '/index.gsp', access: ['permitAll']], [pattern: '/shutdown', access: ['permitAll']], [pattern: '/assets/', access: ['permitAll']], [pattern: '//js/', access: ['permitAll']], [pattern: '//css/', access: ['permitAll']], [pattern: '//images/', access: ['permitAll']], [pattern: '/**/favicon.ico', access: ['permitAll']] ]

grails.plugin.springsecurity.logout.postOnly = false

grails.plugin.springsecurity.securityConfigType = "Annotation"

grails.plugin.springsecurity.filterChain.chainMap = [ [pattern: '/assets/', filters: 'none'], [pattern: '//js/', filters: 'none'], [pattern: '//css/', filters: 'none'], [pattern: '//images/', filters: 'none'], [pattern: '//favicon.ico', filters: 'none'], [pattern: '/**', filters: 'JOINED_FILTERS'] ]

logging.level.org.springframework.security.web.FilterChainProxy=DEBUG

grails.plugin.springsecurity.useBasicAuth = true grails.plugin.springsecurity.basic.realmName = "Blanco Users"

grails.plugin.springsecurity.registerLoggerListener = true

environments { development { grails.plugin.springsecurity.useSecurityEventListener = true grails.plugin.springsecurity.dao.hideUserNotFoundExceptions = false

    grails.plugin.springsecurity.onAuthorizationEvent = { e, appCtx ->
        println("***** In application.groovy, onAuthorizationEvent, e: " + e)
    }
    grails.plugin.springsecurity.onInteractiveAuthenticationSuccessEvent = { e, appCtx ->
        println("***** In application.groovy, onInteractiveAuthenticationSuccessEvent, e: " + e)
    }

    grails.plugin.springsecurity.onAbstractAuthenticationFailureEvent = { e, appCtx ->
        println("***** In application.groovy, onAbstractAuthenticationFailureEvent, e: " + e)
    }

    grails.plugin.springsecurity.onAuthenticationSuccessEvent = { e, appCtx ->
        println("***** In application.groovy, onAuthenticationSuccessEvent, e: " + e)
    }
}
test {
    grails.plugin.springsecurity.dao.hideUserNotFoundExceptions = false
}
production {
    grails.plugin.springsecurity.dao.hideUserNotFoundExceptions = true
}

}

grails.plugin.springsecurity.onAuthorizationEvent = { e, appCtx -> println("***** In application.groovy, grails.plugin.springsecurity.onAuthorizationEvent(), e: " + e) }

puneetbehl commented 6 months ago

I am not completely sure but can you please try moving the following before the environments block:

grails.plugin.springsecurity.onAuthorizationEvent = { e, appCtx ->
    println("***** In application.groovy, grails.plugin.springsecurity.onAuthorizationEvent(), e: " + e)
}

Also, how are you sure that the configurations from application.groovy files are not loaded correctly.