Hooking up Platform Core Security API to your Security Provider

by Marc Palmer in


So, now that the abstracted Security API of Platform Core is publicly available, it would seem a good time to show an example of how you would hook this up to a security provider. The Platform Core Security API provides methods and tags that give plugins and your application access to  hitherto painful to obtain information about the currently logged in user and security UI functions like logging out. The beauty is that you have a single API to call in to, no matter whether the application author is using Spring Security, Shiro or any other authentication provider.

In future it is likely most if not all security plugins for Grails will include the bridge required to do this, but its early days so we have to roll this ourselves at the moment.

It is however very simple. Let's write one for Spring Security. The steps required are:

  1. Create a bean that implements the SecurityBridge interface of the Security API
  2. Register this in the bean context as "grailsSecurityBridge"
  3. There is no step 3

So here's a sample implementation of the SecurityBridge using Spring Security:

https://gist.github.com/2225545

Notice that you would need to change this to point at your own auth controller.

After that you just need to register this in your application context as the "grailsSecurityBridge" bean. For an application this means a declaration in resources.groovy, for a plugin this means a declaration in doWithSpring. Both would look something like this:

https://gist.github.com/2225569

Next you run your app and start using the Security API tags and methods with impunity!