You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by Bradley Beddoes <br...@gmail.com> on 2009/05/20 06:10:46 UTC

Grails plugin for Ki

Hi Folks,I've been talking Les and Peter about making the Ki APi available
to Grails users for the past few days and I've got something to show now as
a direct port from the previous JSecurity plugin.

You can grab the code and an example grails app on Github
http://github.com/intientoss/grails-ki/tree/master

There is a readme with the example application to show you how to get it up
and running incase you folks haven't had much experience in the grails area.

All seems to be working fine except the following:

* It seems like RequiresRoles and RequiresPermissions annotations don't work
on Grails Actions (so groovy closures) and I assume in Services etc. This is
something I'd really like to see support for ASAP. I've started to look into
how you folks do your various annotation processing and I believe i have my
Spring configuration setup correctly but I've had no luck. I did catch a
note from Peter that said Ki annotations only work on methods (seems to be
the case) but that groovy closures are infact fields. All spring
configuration is done using the Grails Spring DSL in the file
http://github.com/intientoss/grails-ki/blob/46609a0030916d84357f41c80b2623baaf1eb546/plugin/KiGrailsPlugin.groovy

* Grails reloads various spring beans which changes are made to components
during development runtime. When this happens and I have the destroy method
configured for DefaultWebSecurityManager I get the following:

java.lang.NullPointerException

at
org.apache.ki.mgt.SessionsSecurityManager.setAttribute(SessionsSecurityManager.java:332)

at
org.apache.ki.session.mgt.DelegatingSession.setAttribute(DelegatingSession.java:222)

at
org.apache.ki.session.ProxiedSession.setAttribute(ProxiedSession.java:130)

at
org.apache.ki.mgt.SessionSubjectBinder.bindToSession(SessionSubjectBinder.java:88)

at org.apache.ki.mgt.SessionSubjectBinder.bind(SessionSubjectBinder.java:80)

at
org.apache.ki.mgt.DefaultSecurityManager.bind(DefaultSecurityManager.java:251)

at
org.apache.ki.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:443)

at
org.apache.ki.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:449)

at org.apache.ki.web.servlet.KiFilter.bind(KiFilter.java:447)


If the team here can provide any assistance into getting these issues
corrected I've be very appreciative, ideally I'd like to see JSecuriy/Ki/???
be the number one choice for security in the Grails world.


cheers,

Bradley

Re: Grails plugin for Ki

Posted by Les Hazlewood <lh...@apache.org>.

Hi Bradley,

The stack trace you pointed out occurs when the internal SessionManager
instance has been destroyed and 'nulled out', which happens when you call
securityManager.destroy();

After a SecurityManager (and its internal delegate components) are
destroyed, it is not expected that the same exact instance would be used
again.

Is there a way to tell Grails to just instantiate it again?  Or, if not and
you'd rather have init() methods that can be called (I'm assuming Grails
would call init() after it changes settings if it does not re-instantiate
the bean), please open a Jira issue and we might be able to add that.

As to Grails and the annotations, I unfortunately can't answer those
questions - I don't know how Grails internals work :/

Cheers,

Les

On Wed, May 20, 2009 at 12:10 AM, Bradley Beddoes
<br...@gmail.com>wrote:

> Hi Folks,I've been talking Les and Peter about making the Ki APi available
> to Grails users for the past few days and I've got something to show now as
> a direct port from the previous JSecurity plugin.
>
> You can grab the code and an example grails app on Github
> http://github.com/intientoss/grails-ki/tree/master
>
> There is a readme with the example application to show you how to get it up
> and running incase you folks haven't had much experience in the grails
> area.
>
> All seems to be working fine except the following:
>
> * It seems like RequiresRoles and RequiresPermissions annotations don't
> work
> on Grails Actions (so groovy closures) and I assume in Services etc. This
> is
> something I'd really like to see support for ASAP. I've started to look
> into
> how you folks do your various annotation processing and I believe i have my
> Spring configuration setup correctly but I've had no luck. I did catch a
> note from Peter that said Ki annotations only work on methods (seems to be
> the case) but that groovy closures are infact fields. All spring
> configuration is done using the Grails Spring DSL in the file
>
> http://github.com/intientoss/grails-ki/blob/46609a0030916d84357f41c80b2623baaf1eb546/plugin/KiGrailsPlugin.groovy
>
> * Grails reloads various spring beans which changes are made to components
> during development runtime. When this happens and I have the destroy method
> configured for DefaultWebSecurityManager I get the following:
>
> java.lang.NullPointerException
>
> at
>
> org.apache.ki.mgt.SessionsSecurityManager.setAttribute(SessionsSecurityManager.java:332)
>
> at
>
> org.apache.ki.session.mgt.DelegatingSession.setAttribute(DelegatingSession.java:222)
>
> at
> org.apache.ki.session.ProxiedSession.setAttribute(ProxiedSession.java:130)
>
> at
>
> org.apache.ki.mgt.SessionSubjectBinder.bindToSession(SessionSubjectBinder.java:88)
>
> at
> org.apache.ki.mgt.SessionSubjectBinder.bind(SessionSubjectBinder.java:80)
>
> at
>
> org.apache.ki.mgt.DefaultSecurityManager.bind(DefaultSecurityManager.java:251)
>
> at
>
> org.apache.ki.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:443)
>
> at
>
> org.apache.ki.mgt.DefaultSecurityManager.getSubject(DefaultSecurityManager.java:449)
>
> at org.apache.ki.web.servlet.KiFilter.bind(KiFilter.java:447)
>
>
> If the team here can provide any assistance into getting these issues
> corrected I've be very appreciative, ideally I'd like to see
> JSecuriy/Ki/???
> be the number one choice for security in the Grails world.
>
>
> cheers,
>
> Bradley
>