Grails Spring Security using PreAuthenticated Authentication Provider

11:09 am

This was a tricky problem I've been trying to solve for a little while.

If your web server provides the authentication service, your application simply needs to read the `remoteUser` value out of the request header and trust it. That trust is only sound when the web server sets the header itself, discards any client-supplied copy, and is the only way to reach the application. In Grails you can do this with the Spring Security Core plugin using a PreAuthenticatedAuthenticationProvider, but it requires some configuration.

Follow the regular Spring Security Core setup process with the following adjustments.

In Config.groovy, define the providers you want available:

```groovy
grails.plugins.springsecurity.providerNames = ['preAuthenticatedAuthenticationProvider', 'anonymousAuthenticationProvider']
```


And we need to define that preAuthenticated provider as a bean.

In resources.groovy we need:

```groovy
beans = {
    // Loads the user (and its roles) from the GORM domain classes by username
    userDetailsService(org.codehaus.groovy.grails.plugins.springsecurity.GormUserDetailsService) {
        grailsApplication = ref('grailsApplication')
    }

    // Adapts the UserDetailsService to the interface the pre-auth provider expects
    userDetailsByNameServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
        userDetailsService = ref('userDetailsService')
    }

    preAuthenticatedAuthenticationProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
        preAuthenticatedUserDetailsService = userDetailsByNameServiceWrapper
    }

    // Reads the principal name from the 'remoteUser' request header
    requestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter) {
        principalRequestHeader = 'remoteUser'
        authenticationManager = ref('authenticationManager')
    }
}
```


And finally, in our BootStrap.groovy file we need to register the authentication filter:

```groovy
import org.codehaus.groovy.grails.plugins.springsecurity.SecurityFilterPosition
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

class BootStrap {
    def init = { servletContext ->
        SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)
    }
}
```
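
The setup above accepts whatever arrives in the `remoteUser` header. As an added example (not from the original post or the plugin), this subclass of `RequestHeaderAuthenticationFilter` ignores the header unless the request comes from a listed front-end address; the class name `TrustedProxyHeaderAuthenticationFilter`, the `trustedProxyAddresses` property and the sample addresses are assumptions.

```groovy
// src/groovy/TrustedProxyHeaderAuthenticationFilter.groovy
// Added example; class name, property name and addresses are assumptions.
import javax.servlet.http.HttpServletRequest
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

class TrustedProxyHeaderAuthenticationFilter extends RequestHeaderAuthenticationFilter {

    // Addresses of the authenticating web server(s); constructed sample values.
    Set<String> trustedProxyAddresses = ['127.0.0.1', '0:0:0:0:0:0:0:1'] as Set

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        if (!(request.remoteAddr in trustedProxyAddresses)) {
            // Connection did not come through the web server: do not read the
            // header at all. Returning null means "no pre-authenticated
            // principal", so the request continues unauthenticated.
            logger.warn("Ignoring pre-auth header from untrusted address ${request.remoteAddr}")
            return null
        }
        // Trusted front end: use the stock header lookup, which throws if the
        // header is missing (exceptionIfHeaderMissing defaults to true).
        return super.getPreAuthenticatedPrincipal(request)
    }
}

// In resources.groovy, swap the filter class and keep the same bean name so
// the BootStrap registration stays unchanged:
//
// requestHeaderAuthenticationFilter(TrustedProxyHeaderAuthenticationFilter) {
//     principalRequestHeader = 'remoteUser'
//     authenticationManager = ref('authenticationManager')
//     trustedProxyAddresses = ['127.0.0.1'] as Set
// }
```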

While on a hike

May 22, 2011 4:07 pm

Yesterday I convinced Jess to go for a hike with me up at Del Valle Reservoir. It's a nice area just outside of the Livermore city limits. I haven't done anything outside in a while beyond driving to/from work (or bicycling the same occasionally) and I wanted to be outside since it has been nice out.

So yesterday we drove out to the reservoir and did a short hike, about 1.2 miles. We stopped about halfway through and rested. While resting I took a bunch of pictures, none of which quite turned out how I had imagined. The wind was blowing rather strongly, so I thought it might be fun to try and get a picture of the tall, dry grass covering the hills blowing in the wind. Kind of like the kind of pictures you can get of water where it looks silky. Well, that didn't quite work out, it mostly looks like a blurry mess, but I was able to adjust one to look kind of nice. I used an oil painting effect to get a somewhat impressionist version of the hillside. It looks okay, but there's nowhere really for your eye to settle.

As we began hiking again we passed a bunch of thistles. We happened upon one that was growing all by itself which presented a nice opportunity to get it isolated from the background. As I mentioned, the wind was blowing so I didn't have much control of the exposure besides cranking the shutter speed up as fast as it would go in order to keep it from blurring. This also meant I needed to bump up the ISO, so the shot came out a little bit grainy, but I think it still looks pretty good:

After the hike we stopped at Wienerschnitzel for some ice-cream. On our way to the reservoir we had seen that they were selling 79-cent soft-serve ice-cream cones. Jess, however, opted for a caramel sundae instead. Regardless, the ice-cream was good. I would be more than happy to make a regular thing of hiking / photographing for 1.5-2 hours and then getting ice-cream.