splix / grails-spring-security-twitter

Twitter Authentication plugin for Grails

Core Spring Security username appears incorrect #3

Closed leopoldodonnell closed 13 years ago

leopoldodonnell commented 13 years ago

The following snippet in layouts/main.gsp

<twitterAuth:button/>
<sec:ifLoggedIn>Welcome back <sec:username/></sec:ifLoggedIn>

produces:

Welcome back com.mycompany.myproject.User: 1

where:

grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.mycompany.myproject.User'

I would have expected the sec:username tag to return the same value as username from the User class as it would in the default core implementation. I can't see where this might be assigned incorrectly from a quick review of the plugin source. Note I am using Grails 2.0.0.M2 - it's unlikely the problem, but who knows.

splix commented 13 years ago

Actually it's a good question, and I know the answer. It's because the principal returned by TwitterAuthDao is an object that doesn't implement the UserDetails interface (or Principal interface).

But it depends on your concrete configuration/implementation. The default DAO (class DefaultConnectedTwitterAuthDao) just returns your user object (that has a relation to your TwitterUserDomain). In that case, it's enough to make your user domain class (Person by default) implement the UserDetails interface.

Btw, I'm not sure that it's an issue. Definitely, it must be described in the documentation. But I'm not sure what else I can do. I can add a requirement/assertion that getPrincipal returns a UserDetails implementation, but I'm not sure that it's a good idea; it makes it less flexible.

Thanks, Igor
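
An added example, not part of this thread or the plugin's code: Spring Security's AbstractAuthenticationToken.getName() returns getUsername() only when the principal implements UserDetails and otherwise falls back to toString(), which matches the output reported above if sec:username renders Authentication.getName() (an assumption here). PlainUser, DetailsUser and DemoToken are constructed stand-ins, and spring-security-core is assumed to be on the classpath.

```groovy
import org.springframework.security.authentication.AbstractAuthenticationToken
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.userdetails.UserDetails

// Constructed stand-in for a domain class that does NOT implement UserDetails.
// toString() mimics the string reported in the issue.
class PlainUser {
    Long id = 1
    String username = 'leo'
    String toString() { "com.mycompany.myproject.User: ${id}" }
}

// Same data, but the class now fulfils the UserDetails contract.
class DetailsUser extends PlainUser implements UserDetails {
    String password = 'not-used'
    boolean enabled = true
    Collection<GrantedAuthority> getAuthorities() { [] }
    boolean isAccountNonExpired() { true }
    boolean isAccountNonLocked() { true }
    boolean isCredentialsNonExpired() { true }
}

// Hypothetical minimal token: it inherits getName() unchanged from
// AbstractAuthenticationToken, which is the behaviour under discussion.
class DemoToken extends AbstractAuthenticationToken {
    private final Object principal
    DemoToken(Object principal) {
        super([])               // no authorities needed for this demo
        this.principal = principal
    }
    Object getPrincipal() { principal }
    Object getCredentials() { '' }
}

String nameFor(Object principal) { new DemoToken(principal).name }

// Principal without UserDetails: getName() falls back to toString().
assert nameFor(new PlainUser()) == 'com.mycompany.myproject.User: 1'

// Principal with UserDetails: getName() delegates to getUsername().
assert nameFor(new DetailsUser()) == 'leo'

// A DAO can enforce the contract early instead of leaking toString() output
// into pages, logs or audit records that key on the user name.
def principal = new PlainUser()
if (!(principal instanceof UserDetails)) {
    println "principal ${principal.getClass().name} does not implement UserDetails"
}
```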

leopoldodonnell commented 13 years ago

Hey thanks Igor,

Every time I try to get going with SpringSecurity I feel like the biggest idiot...

I think I see that in the default implementation I get the User field from TwitterUser - right?

I did as you suggested and had my User class implement UserDetails - if you'd like to update your docs I needed to do the following:

Modify the class used by grails.plugins.springsecurity.userLookup.userDomainClassName to implement org.springframework.security.core.userdetails.UserDetails. This will require that you modify the plugin-generated getAuthorities method and add a few others. For example:

import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.userdetails.UserDetails

class User implements UserDetails {

    transient springSecurityService

    String username
    String password
    boolean enabled
    boolean accountExpired
    boolean accountLocked
    boolean passwordExpired

    /* skipping the other stuff here */

    /* add these to satisfy the Interface */
    boolean isAccountNonExpired() { accountExpired == false }
    boolean isCredentialsNonExpired() { passwordExpired == false }
    boolean isAccountNonLocked() { accountLocked == false }

    /* change the signature to match the Interface */
    Collection<GrantedAuthority> getAuthorities() {
        UserRole.findAllByUser(this).collect { it.role } as Set
    }
}

Then in your class referred to by grails.plugins.springsecurity.authority.className, you modify it to implement GrantedAuthority. The generated class already has an authority member, so all you'll have to do is import the and add an implements statement for GrantedAuthority.

On a semi-related issue - will this plugin work well with your Facebook plugin?

splix commented 13 years ago

Hey Leopold,

Ok, very good. I'll add this into docs. Thank you.

As for the Facebook plugin, I've just realized that there is an incompatibility (I didn't try to use both of them at the same time). I'm going to fix it today. Thank you for the notice.

Best, Igor