Java, Spring

Fortifying your REST API using Spring security

Spring Security is a lightweight security framework that provides authentication and authorization support in order to secure Spring-based applications. It comes bundled with popular security algorithm implementations. I would cover a series of different topic related to spring security in my upcoming blogs. We will go through the...

by Bijoy Paul
Tag: spring security
24-Jan-2017

Application Security, Grails

How to Perform event on successful login via Spring Security in Grails

Some applications require to store and show last login of the user which is quite common. With this feature a user can verify the last login date and time upon successful login. I would like to explain this through a use case - One of the administrative application on Grails required to hold last login date and time of the user, so...

by Vaibhav Sharma
Tag: spring security
03-Jan-2017

Grails, Javascript/Ajax/JQuery

Restrict Ajax request caching in SpringSecurity

Spring Security has a nice feature of request caching. When user try to access secured resource without logging in into the system, spring security caches that request and redirect the user to the login page. After successful authentication it redirects user to that cached request. This works for both Ajax and non-ajax requests. To...

by Jitendra Singh
Tag: spring security
11-Feb-2016

AWS, Grails

Enable Grails application to serve resources through CDN

In a recent project we were required to move our static content files to some CDN because servers were getting millions of hits every hour and many of the resources on the main page were static (like JS/CSS/etc). I hope most of the people understand CDN already. So, I’m not covering any information on CDN fundamentals or how to set it...

by Salil
Tag: spring security
21-Oct-2015

Grails, Spring Events

When details in principal object of spring security are not sufficient

Sometimes we need to access details of current logged in user but that will be an additional database query. To save that query we can use principal object of Spring security which provides details of logged in user . But by default principal object have few fields like id, username and password. If we need to access user's name /...

by Lovin Saini
Tag: spring security
24-Jul-2015

Technology

Override login and logout of Spring Security in Grails

What if our use case is to perform any custom task for login and logout while keeping the beauty of spring security intact. My use case was to make a third party SOAP API call to perform login/logout sending user's detail as parameter. Override Login Write own Authentication Provider class that extends...

by Aman Mishra
Tag: spring security
23-Jul-2015

Grails

Restricting concurrent sessions for a single user using Grails and Spring Security

Restricting concurrent sessions for a single user is a very common requirement for any software tool which requires licensing based on number of users. You can read about how we can manage (or allow) concurrent sessions with Grails 2 using Spring security plugin in this awesome concise blog here. let us see how we can allow or...

by Dhanendra Kumar
Tag: spring security
04-Dec-2014

Grails

Spring Security Permission Based framework

In my recent project, I want to implement permission based framework with spring security grails plugin. What does permission based framework mean? We can create a ROLE at run time based on the permission given to the user. Most of the times, we use Spring security in a way where we pre-define the roles to be used in our apps. But...

by Mohit Garg
Tag: spring security
28-Apr-2014

Application Security, Grails

Spring Security & Grails: Cross domain authentication from HTTP to HTTPS

We were trying to implement SSL-based login and registration (i.e. HTTPS) in an e-commerce web application which was otherwise using the non-secure protocol (i.e. HTTP) for the entire website. Instead of moving the entire web application to SSL, which would have increased response times, we thought it would be best if only the...

by Roni C. Thomas
Tag: spring security
01-Oct-2013

Grails

Instance based login in spring security core

Spring security loads the roles of user from user role table based on all roles assigned to user and that role is application specific. But In my project i require to assign roles to user based on instance . So when the instance is changed roles should be changed .In grails we can overide the methods of plugin. So when instance change...

by Shaurav
Tag: spring security
26-Sep-2012

Grails

User-Role hierarchies in spring security

In most of our applications we are using spring security core plugin for the authentication process. We define some roles in that . Have your ever thought about assigning precedence to the roles. Like, You are having 3 roles defined in your application. i.e. ROLE_SUPER_ADMIN, ROLE_ADMIN ,ROLE_ATTENDEE. While using these roles i.e ...

by Robin
Tag: spring security
06-Sep-2012

Grails

Restricting Access To Plugin’s Classes With Spring Security

Many of Grails plugin like searchable  and console can prove to be really dangerous if access to their URLs is not blocked. After adding searchable plugin to my project, I realized that access to its controllers was not defined and was open for all. Now this was a major security concern. There are many ways of restricting access like...

by Hitesh Bhatia
Tag: spring security
03-May-2012