Comments on: Custom Authentication Schemes with Grails and JSecurity http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/ Ninja Coding Monkey goes Canada Fri, 19 Feb 2010 10:58:13 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Alex http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-12 Alex Thu, 14 Aug 2008 14:15:53 +0000 http://www.jakusys.de/blog/?p=118#comment-12 Your blog is interesting! Keep up the good work! Your blog is interesting!

Keep up the good work!

]]> By: ламинат http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-11 ламинат Wed, 13 Aug 2008 17:34:41 +0000 http://www.jakusys.de/blog/?p=118#comment-11 asc Een plaatje zegt alles, toch ? cjb Het volledige rapport is hier te vinden. Lees natuurlijk o de blogposting. t u Thanks for interesting post! fat [url=http://skuper.ru]ламинат купить[/url] 7w asc Een plaatje zegt alles, toch ? cjb Het volledige rapport is hier te vinden. Lees natuurlijk o de blogposting. t u
Thanks for interesting post! fat
[url=http://skuper.ru]ламинат купить[/url] 7w

]]> By: Les Hazlewood http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-9 Les Hazlewood Thu, 07 Aug 2008 13:57:06 +0000 http://www.jakusys.de/blog/?p=118#comment-9 Hi Kapil, Good write-up! Thanks for taking the time to do it. If you get a chance, please feel free to take what you've written and add it to the Grails wiki - it depends on nice folks like you to help make Grails life better for everyone ;) Best regards, Les Hi Kapil,

Good write-up! Thanks for taking the time to do it.

If you get a chance, please feel free to take what you’ve written and add it to the Grails wiki – it depends on nice folks like you to help make Grails life better for everyone ;)

Best regards,

Les

]]> By: Web 2.0 Announcer http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-8 Web 2.0 Announcer Thu, 07 Aug 2008 09:12:44 +0000 http://www.jakusys.de/blog/?p=118#comment-8 <strong>Custom Authentication Schemes with Grails and JSecurity...</strong> [...]In my current software project a requirement is an authentication scheme consisting not of the usual user name an password, but user name, password and a store number. Each user name should be unique in for a store but could occur multiple times f... Custom Authentication Schemes with Grails and JSecurity…

[...]In my current software project a requirement is an authentication scheme consisting not of the usual user name an password, but user name, password and a store number. Each user name should be unique in for a store but could occur multiple times f…

]]> By: Kapil http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-7 Kapil Wed, 06 Aug 2008 14:51:41 +0000 http://www.jakusys.de/blog/?p=118#comment-7 Never mind I found out that there is Grails-Plugins project and this is where I would post. Thanks Never mind I found out that there is Grails-Plugins project and this is where I would post. Thanks

]]> By: Kapil http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-6 Kapil Wed, 06 Aug 2008 14:37:41 +0000 http://www.jakusys.de/blog/?p=118#comment-6 Hi Peter, I am very new to Grails (3 days) and do not yet know where exactly to submit the issues etc. Will it be http://jira.codehaus.org/browse/GRAILS ? or you have some issue tracker of your own for jsecurity. Pardon my lack of awareness. Regards Kapil Hi Peter,

I am very new to Grails (3 days) and do not yet know where exactly to submit the issues etc. Will it be http://jira.codehaus.org/browse/GRAILS ? or you have some issue tracker of your own for jsecurity. Pardon my lack of awareness.

Regards
Kapil

]]> By: Peter Ledbrook http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-5 Peter Ledbrook Wed, 06 Aug 2008 10:23:30 +0000 http://www.jakusys.de/blog/?p=118#comment-5 Hi, First, nice post Jakob! Note that you could have the username and store number as separate principals, or combine the two into a single principal as you have already done. The principal can be any class. Recently the JSecurity API has changed a fair bit around this area, so there is now a PrincipalCollection class. I think the latest plugin has this since it uses a beta version of 0.9.0. I also need to update the plugin for the 0.9.0 RC1 release. Kapil, that looks like a bug. If a realm does not support a particular authentication token, it should not be queried during authentication. If you can, please raise an issue and attach an example project. Cheers, Peter Hi,

First, nice post Jakob! Note that you could have the username and store number as separate principals, or combine the two into a single principal as you have already done. The principal can be any class.

Recently the JSecurity API has changed a fair bit around this area, so there is now a PrincipalCollection class. I think the latest plugin has this since it uses a beta version of 0.9.0. I also need to update the plugin for the 0.9.0 RC1 release.

Kapil, that looks like a bug. If a realm does not support a particular authentication token, it should not be queried during authentication. If you can, please raise an issue and attach an example project.

Cheers,

Peter

]]> By: jakob.kuelzer http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-4 jakob.kuelzer Wed, 06 Aug 2008 08:26:45 +0000 http://www.jakusys.de/blog/?p=118#comment-4 Hey Kapil, I think you are right about the token being passed around to all realms; I think they are trying to mimic PAM style authentication. I'm not sure about multiple realms, my understanding is that all realms in grails-app/realms get registered at application startup and are queried for authentication tokens. So if you have different AuthenticationTokens, you'll need different Realms that are responsible for them and perhaps a CredentialsMatcher. If i find some time, I'll write another post about this stuff. Cheers, Jakob Hey Kapil,
I think you are right about the token being passed around to all realms; I think they are trying to mimic PAM style authentication.
I’m not sure about multiple realms, my understanding is that all realms in grails-app/realms get registered at application startup and are queried for authentication tokens. So if you have different AuthenticationTokens, you’ll need different Realms that are responsible for them and perhaps a CredentialsMatcher.

If i find some time, I’ll write another post about this stuff.

Cheers,
Jakob

]]> By: Kapil http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-3 Kapil Wed, 06 Aug 2008 08:01:30 +0000 http://www.jakusys.de/blog/?p=118#comment-3 I got it working. It seems like the default authentication strategy is that the token would be passed to all realms and all should succeed (which means token should be same). In the my config I specified jsecurity.authentication.strategy = new org.jsecurity.authc.pam.AtLeastOneSuccessfulModularAuthenticationStrategy() and this made it work. This means that the multiple token types and realms does not work. I got it working. It seems like the default authentication strategy is that the token would be passed to all realms and all should succeed (which means token should be same).

In the my config I specified

jsecurity.authentication.strategy = new org.jsecurity.authc.pam.AtLeastOneSuccessfulModularAuthenticationStrategy()

and this made it work. This means that the multiple token types and realms does not work.

]]> By: Kapil http://www.jakusys.de/blog/2008/08/custom-authentication-schemes-with-grails-and-jsecurity/comment-page-1/#comment-2 Kapil Wed, 06 Aug 2008 07:35:26 +0000 http://www.jakusys.de/blog/?p=118#comment-2 Thanks for this tip. I create a custom authentication token and a realm. The configuration I am looking for (and was thinking would work) is that I can have multiple tokens and multiple realms for e.g. JsecDbRealm has a token UsernameToken JsecMyRealm has a token MyauthToken Now in the AuthController, UsernameToken is constructed and passed to the jsecSecurityManager.login() method. I was hoping that only JsecDbRealm will be called but I get an AuthenticationException and do not see code entering neither in JsecDbRealm or JsecMyRealm Would appreciate if you could guide what I may be doing wrong. In brief I would like to support multiple tokens and multiple relams. One token type for one realm. Thanks Kapil Thanks for this tip. I create a custom authentication token and a realm. The configuration I am looking for (and was thinking would work) is that I can have multiple tokens and multiple realms for e.g.

JsecDbRealm has a token UsernameToken
JsecMyRealm has a token MyauthToken

Now in the AuthController, UsernameToken is constructed and passed to the jsecSecurityManager.login() method. I was hoping that only JsecDbRealm will be called but I get an AuthenticationException and do not see code entering neither in JsecDbRealm or JsecMyRealm

Would appreciate if you could guide what I may be doing wrong. In brief I would like to support multiple tokens and multiple relams. One token type for one realm.

Thanks
Kapil

]]>