
Grails Spring Security Taobao / SpringSecurityTaobaoGrailsPlugin.groovy

import java.util.List

import org.codehaus.groovy.grails.plugins.springsecurity.SecurityFilterPosition
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy
import org.springframework.security.web.session.ConcurrentSessionFilter

import com.mingidea.security.taobao.*

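/**
 * Grails plugin descriptor that adds Taobao open authentication to the
 * Spring Security Core plugin.
 *
 * <p>{@code doWithSpring} registers the Taobao authentication provider and filter and wires
 * concurrent-session control; {@code doWithApplicationContext} validates the configured
 * user-lookup property once the application context is available.
 */
class SpringSecurityTaobaoGrailsPlugin {
    // the plugin version
    def version = "0.3.3"
    // the version or versions of Grails the plugin is designed for
    def grailsVersion = "1.3.7 > *"
    // the other plugins this plugin depends on
    def dependsOn = [springSecurityCore: '1.1.2 > *']
    // resources that are excluded from plugin packaging
    List pluginExcludes = [
        'grails-app/domain/**',
        'grails-app/controllers/**',
        'grails-app/views/**',
        'docs/**',
        'src/docs/**'
    ]

    def author = "Simon Leung"
    def authorEmail = "simon.leung@mingidea.com"
    def title = "Taobao open authentication support for the Spring Security plugin."
    def description = "Taobao open authentication support for the Spring Security plugin."

    // URL to the plugin's documentation
    def documentation = "http://grails.org/plugin/spring-security-taobao"

    /**
     * Defines the Spring beans for Taobao authentication.
     *
     * Does nothing unless both the core security config and
     * {@code conf.taobao.active} are enabled.
     */
    def doWithSpring = {
        def conf = SpringSecurityUtils.securityConfig
        if (!conf || !conf.active) {
            return
        }

        SpringSecurityUtils.loadSecondaryConfig 'DefaultTaobaoSecurityConfig'
        // have to get again after overlaying DefaultTaobaoSecurityConfig
        conf = SpringSecurityUtils.securityConfig

        if (!conf.taobao.active) {
            return
        }

        println 'Configuring Spring Security Taobao ...'

        SpringSecurityUtils.registerProvider 'taobaoAuthenticationProvider'
        // The Taobao filter takes the slot the OpenID filter would occupy in the chain.
        SpringSecurityUtils.registerFilter 'taobaoAuthenticationFilter', SecurityFilterPosition.OPENID_FILTER
        SpringSecurityUtils.registerFilter 'concurrentSessionFilter', SecurityFilterPosition.CONCURRENT_SESSION_FILTER

        taobaoAuthenticationProvider(TaobaoAuthenticationProvider) {
            // NOTE(review): presumably maps Taobao app keys to app secrets; treat the configured
            // value as a credential (keep it out of logs and version control) -- confirm.
            appSecretMap = conf.taobao.appSecretMap
            authenticationUserDetailsService = ref('taobaoAuthenticationUserDetailsService')
        }

        taobaoAuthenticationFilter(TaobaoAuthenticationProcessingFilter){
            authenticationManager = ref('authenticationManager')
            sessionAuthenticationStrategy = ref('sessionAuthenticationStrategy')

            //ref to grails spring security core plugin
            authenticationSuccessHandler = ref('authenticationSuccessHandler')
            authenticationFailureHandler = ref('authenticationFailureHandler')
            rememberMeServices = ref('rememberMeServices')
            allowSessionCreation = conf.apf.allowSessionCreation
        }

        taobaoAuthenticationUserDetailsService(TaobaoAuthenticationUserDetailsService) {
            grailsApplication = ref('grailsApplication')
        }

        // NOTE(review): this bean name matches the one the filter above resolves via ref();
        // it presumably replaces any 'sessionAuthenticationStrategy' defined by the core
        // plugin for every login path, not only Taobao logins -- confirm that is intended.
        sessionAuthenticationStrategy(ConcurrentSessionControlStrategy, ref('sessionRegistry')) {
            maximumSessions = conf.maxConcurrentSessions //default is -1 for unlimited sessions
        }

        concurrentSessionFilter(ConcurrentSessionFilter) {
            sessionRegistry = ref('sessionRegistry')
            expiredUrl = conf.expiredUrl
        }

        // NOTE(review): SessionRegistryImpl releases a session only when it receives a
        // session-destroyed event. Nothing in this descriptor registers
        // HttpSessionEventPublisher, so confirm it is registered elsewhere; otherwise
        // timed-out sessions keep counting against maximumSessions.
        sessionRegistry(SessionRegistryImpl)
    }

    /**
     * Checks that the configured user domain class has the property named by
     * {@code conf.taobao.userLookup.accountsPropertyName}; prints an error and clears
     * that setting when it does not.
     */
    def doWithApplicationContext = { applicationContext ->
        // doWithSpring returns before defining any bean when security or the Taobao
        // integration is switched off; getBean() would then throw
        // NoSuchBeanDefinitionException and abort startup.
        if (!applicationContext.containsBean('taobaoAuthenticationUserDetailsService')) {
            return
        }
        def userDetailsService = applicationContext.getBean('taobaoAuthenticationUserDetailsService')
        // Skip validation when the application has overridden the bean with its own type.
        if(!(userDetailsService instanceof TaobaoAuthenticationUserDetailsService)) {
            return
        }
        def conf = SpringSecurityUtils.securityConfig
        if (!conf || !conf.active) {
            return
        }

        String userClassName = conf.userLookup.userDomainClassName
        def userClass = applicationContext.grailsApplication.getClassForName(userClassName)
        String taobaoAccountsPropertyName = conf.taobao.userLookup.accountsPropertyName
        if (userClass && taobaoAccountsPropertyName && !userClass.newInstance().hasProperty(taobaoAccountsPropertyName)) {
            println """
ERROR: Your configuration specifies

   grails.plugins.springsecurity.taobao.userLookup.accountsPropertyName='${taobaoAccountsPropertyName}'

for $conf.userLookup.userDomainClassName but there's no property with that name in your user class;
either add a hasMany for the Taobao accounts:

   static hasMany = [${taobaoAccountsPropertyName}: TaobaoAccount]

or set the property to null in Config.groovy if you aren't supporting associating taobaoAccounts with local accounts.
"""

            // reset the property in case the user doesn't restart to avoid ugly exceptions.
            // This must clear the same key that was read above; the previous code wrote to
            // conf.openid.userLookup.taobaoAccountsPropertyName, which nothing here reads,
            // so the invalid property name stayed in effect.
            conf.taobao.userLookup.accountsPropertyName = ''
        }
    }
}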