In this talk I will cover how to create a REST API using Grails 2.3 to support single-page applications, exploring all the possible alternatives.
Code is available at https://github.com/alvarosanchez/restful-grails-springsecurity-greach2014
I will also explain how to integrate Spring Security using the spring-security-rest plugin I recently created, to implement a stateless, token-based, RESTful authentication.
Creating RESTful API’s with Grails and Spring Security
1. Creating RESTful API’s with Grails and Spring Security
Álvaro Sánchez-Mariscal
Web Architect – odobo
@alvaro_sanchez
2. About me
• Passionate software developer.
• Founded Salenda in 2005.
• Co-founded Escuela de Groovy in 2009.
• Groovy/Grails lover since 2007.
• Working now at Odobo as Web Architect.
3. • HTML5 games platform for:
• Game developers.
• Casinos.
• Check out https://play.odobo.com and try for free!
6. Different approaches
• Explicitly creating a controller and extending RestfulController.
• Defining just the constructor.
• Implementing actions based on the URL mappings report.
11. Adding Spring Security
Motivation: we need to break down traditional, monolithic Grails applications into 2 different apps:
1. A pure HTML5/JavaScript frontend.
2. A mere RESTful Grails backend.
12. Adding Spring Security
Issue: The existing Spring Security plugins would not work with a RESTful, browser-based client.
20. Authentication Endpoint
• Uses the default authenticationManager bean, which in turn uses all the registered authentication providers.
• Receives username and password, and generates a customizable JSON response.
22. Token Generation
• 2 strategies out-of-the-box:
1. Using java.security.SecureRandom (default).
2. Using java.util.UUID.
• A custom implementation can be plugged in.
25. Token Validation
• If the token header (X-Auth-Token by default) is present, the request will be validated.
• Otherwise, the plugin won’t participate in the filter chain.
26. Token Validation
• If the passed token exists on the token storage, the principal will be stored on the security context.
• It can be retrieved using springSecurityService.principal
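The token generation and validation steps from slides 22 to 26, as an added sketch in plain Java; it is not the spring-security-rest plugin's code. The class `TokenFlowSketch`, the in-memory map standing in for token storage, the `Outcome` enum and the choice to reject an unknown token are all assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class TokenFlowSketch {
    static final String TOKEN_HEADER = "X-Auth-Token"; // default header name per the slides
    enum Outcome { SKIPPED, REJECTED, AUTHENTICATED }

    private static final SecureRandom RNG = new SecureRandom();
    // Hypothetical in-memory token storage: token -> principal name.
    private final Map<String, String> storage = new ConcurrentHashMap<>();

    // Strategy 1: 32 bytes (256 bits) from SecureRandom, URL-safe Base64.
    static String secureRandomToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Strategy 2: random (version 4) UUID, which carries 122 random bits.
    static String uuidToken() {
        return UUID.randomUUID().toString().replace("-", "");
    }

    // Called only after the username and password have been authenticated.
    String issue(String principal) {
        String token = secureRandomToken();
        storage.put(token, principal);
        return token;
    }

    // Header absent: stay out of the chain. Header present: look the token up.
    Outcome validate(Map<String, String> headers) {
        String token = headers.get(TOKEN_HEADER);
        if (token == null) return Outcome.SKIPPED;
        // Assumption: an unknown token is rejected rather than ignored.
        return storage.containsKey(token) ? Outcome.AUTHENTICATED : Outcome.REJECTED;
    }

    String principalFor(String token) { return storage.get(token); }

    public static void main(String[] args) {
        TokenFlowSketch flow = new TokenFlowSketch();
        String token = flow.issue("alice"); // constructed sample principal
        System.out.println(flow.validate(Map.of(TOKEN_HEADER, token)));
        System.out.println(flow.validate(Map.of(TOKEN_HEADER, uuidToken())));
        System.out.println(flow.validate(Map.of()));
        System.out.println(flow.principalFor(token));
    }
}
```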
27. CORS support
• Grails doesn’t support CORS (vote for GRAILS-10914).
• This plugin comes prepackaged with cors plugin.