Setting up Grails to work with JEE role based authentication

Using JEE role based authentication with the Grails framework

JEE role based security provides a means of controlling access to resources configured at the application server level. On some larger projects or within corporations this type of access control may be mandated. Due to the fact that the application server controls the security, several applications can share the same realm and therefore share the same credentials, this can be a big plus on large websites, spanning multiple applications.

If you are not familiar with role based authentication look at Using Role based security and tomcat realm how to. Also note that Grails has other options for handling security including the ones listed here grails security plug-ins.

In order to use role based authentication with Grails, several changes are required. Unfortunately one of the cases requires that the actual runtime be changed. However, this change is very straightforward and documented here. Note any references to grailshome, actually refer to the directory where Grails itself is installed and not a Grails project.

Change the Grails deployment to add a user realm.

First we need to change the grails runtime, in order to add a HashUserRealm by editing (Grails 1.0 RunApp.groovy) (Grails 1.1 - not possible) then making the following changes:

Change the import block as follows

Change the core of the file as follows:

Step 1: Backup any fies before changing them!

Grails 1.0: Move down to the target called RunApp, the line starts "target ( runApp", and place the code below after the server variable is defined.

Grails 1.1: I've not found a way to do this.

HashUserRealm myrealm = new HashUserRealm("default","null/conf/realm.properties");
server.setUserRealms((UserRealm[])[myrealm]);

Thanks to the following source, that got me up and running with role based security in embedded jetty, and able to make this page: How to configure security in embedded Jetty and Configuring realms in Jetty.

Add some users to the realm that we have created

Now that we have created the realm, we need to add at least one user to it. For development purposes a memory based realm with one or two users is probably sufficient. In order to set up users, change into the grailshome/conf directory and create a file called realm.properties in the following format:

username:password,role1,role2
#... add more users here ...

Now try starting up Grails and look near the top of the log around the point where it logs Running Grails application.., if you’ve got it right there will be no log entry complaining about a misconfigured realm. Next we look at how to get access to web.xml in Grails.