Spring Security on Grails and Tomcat Security with Realms
I am on the current Grails version 1.3.7, programming against a legacy DB schema on a pretty recent version of mySQL. There are tables for the user
and the roles
and a third table to link the two in m2m fashion roles_has_user
. In principle this is fine and the grails way, but one interesting thing to note is that the table roles_has_user
has two columns: username VARCHAR(20)
and rolename VARCHAR(20)
. I need this table structure as it is for another application to be able to use Tomcats own auth-mechanism to secure some webservice calls.
This seems to be a problem: first thing is i cant seem to get the m2m mapping of my domain classes correct. Could someone please point me to somewhere explaining the use of something other than the PK ID-field (even if it is a generated / custom ID) as a FK in grails m2m?
The second problem is me getting a little worried that i am never going to make this play with spring security, has anyone ever (successfully) attempted to do this?
There might be the option of mapping the relationship via an other (new) table and then changing the CRUD controllers to mirror the relationships in the roles_has_user
table using the neccessary String-fields username VARCHAR(20)
and rolename VARCHAR(20)
开发者_Python百科. But this sounds clunky...
Thanks for you time and please advise... if you need further information please just ask for it, i will try to be as clear as possible.
Probably the best option is to normalize your data model with surrogate keys (i.e. integer id values).
If that's not an option, I would try making a static mapping for id. Something like:
id generator: 'assigned', name: 'username', type: 'string'
Then add hasMany / hasMany+belongsTo on the domain objects.
You'll probably also need to specify a custom many-to-many mapping for your join table and join column.
static mapping = {
roles column:'username', joinTable:'ROLES_HAS_USER'
}
This isn't a complete working solution, but hopefully it gets you on the right path. If you run into problems post the code so we have something concrete to look at.
The second problem is me getting a little worried that i am never going to make this play with spring security, has anyone ever (successfully) attempted to do this?
Once you know how, it's easy to integrate the Spring Security plugin with legacy User/Role data. By "legacy" I mean the User and Role classes are not created using the Spring Security plugin, and may not even be Grails domain classes.
The steps are:
- define a
UserDetails
implementation that reads from the existingUser
domain class - define a custom
UserDetailsService
implementation that returns instances of (1) - register an instance of (2) as a Spring bean (e.g. in
resources.groovy
) nameduserDetailsService
.
Further details available here
精彩评论