inicio

Author: Diego Silva

.gitignore

@@ -8,3 +8,5 @@ target
 /plugins
 /web-app/plugins
 /web-app/WEB-INF/classes
+.classpath
+.project

application.properties

@@ -0,0 +1,10 @@
+#Grails Metadata file
+#Thu Nov 01 15:13:53 BRST 2012
+app.grails.version=2.1.1
+app.name=hacking_london
+app.servlet.version=2.4
+app.version=0.1
+plugins.hibernate=2.1.1
+plugins.spring-security-core=1.2.6
+plugins.svn=1.0.0.M1
+plugins.tomcat=2.1.1

grails-app/conf/BootStrap.groovy

@@ -0,0 +1,30 @@
+import hacking.OrgUser
+import hacking.Organization
+import hacking.Role
+import hacking.User
+import hacking.UserRole
+
+class BootStrap {
+
+	def init = { servletContext ->
+		def adminRole = Role.findByAuthority('ROLE_ADMIN') ?: new Role(authority: 'ROLE_ADMIN').save()
+		def userRole = Role.findByAuthority('ROLE_USER') ?: new Role(authority: 'ROLE_USER').save()
+
+		def org1 = Organization.findByName('Org1') ?: new Organization(name: 'Org1').save()
+		def org2 = Organization.findByName('Org2') ?: new Organization(name: 'Org2').save()
+
+		if (!User.count()) {
+			def admin = new User(username: 'admin', password: 'password', enabled: true).save()
+			new OrgUser(user: admin, organization: org1).save()
+			UserRole.create admin, adminRole
+
+			def user = new User(username: 'user', password: 'password', enabled: true).save()
+			new OrgUser(user: user, organization: org2).save()
+			UserRole.create user, userRole
+
+			def disabledUser = new User(username: 'disabled', password: 'password').save()
+			new OrgUser(user: disabledUser, organization: org1).save()
+			UserRole.create disabledUser, userRole
+		}
+	}
+}

grails-app/conf/BuildConfig.groovy

@@ -0,0 +1,16 @@
+grails.project.work.dir = 'target'
+
+grails.project.dependency.resolution = {
+
+	inherits 'global'
+	log 'warn'
+
+	repositories {
+		grailsPlugins()
+		grailsHome()
+		grailsCentral()
+	}
+
+	dependencies {}
+}
+

grails-app/conf/Config.groovy

@@ -0,0 +1,45 @@
+grails.project.groupId = appName
+grails.mime.file.extensions = false
+grails.mime.use.accept.header = false
+grails.mime.types = [
+	html: ['text/html','application/xhtml+xml'],
+	xml: ['text/xml', 'application/xml'],
+	text: 'text/plain',
+	js: 'text/javascript',
+	rss: 'application/rss+xml',
+	atom: 'application/atom+xml',
+	css: 'text/css',
+	csv: 'text/csv',
+	all: '*/*',
+	json: ['application/json','text/json'],
+	form: 'application/x-www-form-urlencoded',
+	multipartForm: 'multipart/form-data'
+]
+
+grails.views.default.codec = 'none'
+grails.views.gsp.encoding = 'UTF-8'
+grails.converters.encoding = 'UTF-8'
+grails.views.gsp.sitemesh.preprocess = true
+grails.scaffolding.templates.domainSuffix = 'Instance'
+grails.json.legacy.builder = false
+grails.enable.native2ascii = true
+grails.logging.jul.usebridge = true
+grails.spring.bean.packages = []
+
+environments {
+	development {}
+	test {}
+	production {}
+}
+
+log4j = {
+	error 'org.codehaus.groovy.grails',
+	      'org.springframework',
+	      'org.hibernate',
+	      'net.sf.ehcache.hibernate'
+}
+
+// Added by the Spring Security Core plugin:
+//grails.plugins.springsecurity.userLookup.userDomainClassName = 'hacking.User'
+//grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'hacking.UserRole'
+//grails.plugins.springsecurity.authority.className = 'hacking.Role'

grails-app/conf/DataSource.groovy

@@ -0,0 +1,32 @@
+dataSource {
+	pooled = true
+	driverClassName = 'org.hsqldb.jdbcDriver'
+	username = 'sa'
+	password = ''
+}
+hibernate {
+	cache.use_second_level_cache = true
+	cache.use_query_cache = true
+	cache.provider_class = 'net.sf.ehcache.hibernate.EhCacheProvider'
+}
+
+environments {
+	development {
+		dataSource {
+			dbCreate = 'create-drop'
+			url = 'jdbc:hsqldb:mem:devDB'
+		}
+	}
+	test {
+		dataSource {
+			dbCreate = 'update'
+			url = 'jdbc:hsqldb:mem:testDb'
+		}
+	}
+	production {
+		dataSource {
+			dbCreate = 'update'
+			url = 'jdbc:hsqldb:file:prodDb;shutdown=true'
+		}
+	}
+}

grails-app/conf/UrlMappings.groovy

@@ -0,0 +1,13 @@
+class UrlMappings {
+
+	static mappings = {
+		"/$controller/$action?/$id?"{
+			constraints {
+				// apply constraints here
+			}
+		}
+
+		"/"(view:"/index")
+		"500"(view:'/error')
+	}
+}

grails-app/conf/hibernate/.gitignore

@@ -0,0 +1,40 @@
+import hacking.extralogin.auth.OrganizationAuthenticationProvider
+import hacking.extralogin.ui.OrganizationFilter
+import hacking.logout.CustomLogoutSuccessHandler
+
+import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+
+beans = {
+
+	def conf = SpringSecurityUtils.securityConfig
+
+	// custom authentication
+	authenticationProcessingFilter(OrganizationFilter) {
+		authenticationManager = ref('authenticationManager')
+		sessionAuthenticationStrategy = ref('sessionAuthenticationStrategy')
+		authenticationSuccessHandler = ref('authenticationSuccessHandler')
+		authenticationFailureHandler = ref('authenticationFailureHandler')
+		rememberMeServices = ref('rememberMeServices')
+		authenticationDetailsSource = ref('authenticationDetailsSource')
+		filterProcessesUrl = conf.apf.filterProcessesUrl
+		usernameParameter = conf.apf.usernameParameter
+		passwordParameter = conf.apf.passwordParameter
+		continueChainBeforeSuccessfulAuthentication = conf.apf.continueChainBeforeSuccessfulAuthentication
+		allowSessionCreation = conf.apf.allowSessionCreation
+		postOnly = conf.apf.postOnly
+	}
+
+	// custom authentication
+	daoAuthenticationProvider(OrganizationAuthenticationProvider) {
+		passwordEncoder = ref('passwordEncoder')
+		saltSource = ref('saltSource')
+		preAuthenticationChecks = ref('preAuthenticationChecks')
+		postAuthenticationChecks = ref('postAuthenticationChecks')
+	}
+
+	// custom logout redirect
+	logoutSuccessHandler(CustomLogoutSuccessHandler) {
+		redirectStrategy = ref('redirectStrategy')
+		defaultTargetUrl = conf.logout.afterLogoutUrl
+	}
+}

grails-app/conf/spring/resources.groovy

@@ -0,0 +1,134 @@
+import grails.converters.JSON
+
+import javax.servlet.http.HttpServletResponse
+
+import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+
+import org.springframework.security.authentication.AccountExpiredException
+import org.springframework.security.authentication.CredentialsExpiredException
+import org.springframework.security.authentication.DisabledException
+import org.springframework.security.authentication.LockedException
+import org.springframework.security.core.context.SecurityContextHolder as SCH
+import org.springframework.security.web.WebAttributes
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+
+class LoginController {
+
+	/**
+	 * Dependency injection for the authenticationTrustResolver.
+	 */
+	def authenticationTrustResolver
+
+	/**
+	 * Dependency injection for the springSecurityService.
+	 */
+	def springSecurityService
+
+	/**
+	 * Default action; redirects to 'defaultTargetUrl' if logged in, /login/auth otherwise.
+	 */
+	def index = {
+		if (springSecurityService.isLoggedIn()) {
+			redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
+		}
+		else {
+			redirect action: 'auth', params: params
+		}
+	}
+
+	/**
+	 * Show the login page.
+	 */
+	def auth = {
+
+		def config = SpringSecurityUtils.securityConfig
+
+		if (springSecurityService.isLoggedIn()) {
+			redirect uri: config.successHandler.defaultTargetUrl
+			return
+		}
+
+		String view = 'auth'
+		String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
+		render view: view, model: [postUrl: postUrl,
+		                           rememberMeParameter: config.rememberMe.parameter]
+	}
+
+	/**
+	 * The redirect action for Ajax requests.
+	 */
+	def authAjax = {
+		response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
+		response.sendError HttpServletResponse.SC_UNAUTHORIZED
+	}
+
+	/**
+	 * Show denied page.
+	 */
+	def denied = {
+		if (springSecurityService.isLoggedIn() &&
+				authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
+			// have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
+			redirect action: 'full', params: params
+		}
+	}
+
+	/**
+	 * Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.
+	 */
+	def full = {
+		def config = SpringSecurityUtils.securityConfig
+		render view: 'auth', params: params,
+			model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),
+			        postUrl: "${request.contextPath}${config.apf.filterProcessesUrl}"]
+	}
+
+	/**
+	 * Callback after a failed login. Redirects to the auth page with a warning message.
+	 */
+	def authfail = {
+
+		def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
+		String msg = ''
+		def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
+		if (exception) {
+			if (exception instanceof AccountExpiredException) {
+				msg = g.message(code: "springSecurity.errors.login.expired")
+			}
+			else if (exception instanceof CredentialsExpiredException) {
+				msg = g.message(code: "springSecurity.errors.login.passwordExpired")
+			}
+			else if (exception instanceof DisabledException) {
+				msg = g.message(code: "springSecurity.errors.login.disabled")
+			}
+			else if (exception instanceof LockedException) {
+				msg = g.message(code: "springSecurity.errors.login.locked")
+			}
+			else {
+				msg = g.message(code: "springSecurity.errors.login.fail")
+			}
+		}
+
+		if (springSecurityService.isAjax(request)) {
+			render([error: msg] as JSON)
+		}
+		else {
+			flash.message = msg
+			redirect action: 'auth', params: params
+		}
+	}
+
+	/**
+	 * The Ajax success redirect url.
+	 */
+	def ajaxSuccess = {
+		render([success: true, username: springSecurityService.authentication.name] as JSON)
+	}
+
+	/**
+	 * The Ajax denied redirect url.
+	 */
+	def ajaxDenied = {
+		render([error: 'access denied'] as JSON)
+	}
+}

grails-app/controllers/LoginController.groovy

@@ -0,0 +1,12 @@
+import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+
+class LogoutController {
+
+	/**
+	 * Index action. Redirects to the Spring security logout uri.
+	 */
+	def index = {
+		// TODO put any pre-logout code here
+		redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl // '/j_spring_security_logout'
+	}
+}

grails-app/controllers/LogoutController.groovy

@@ -0,0 +1,25 @@
+package hacking
+
+import grails.plugins.springsecurity.Secured
+
+class SecureController {
+
+	def index = {
+		render 'not secured'
+	}
+
+	@Secured(['ROLE_ADMIN'])
+	def admin = {
+		render 'you have ROLE_ADMIN'
+	}
+
+	@Secured(['ROLE_USER'])
+	def user = {
+		render 'you have ROLE_USER'
+	}
+
+	@Secured(['ROLE_ADMIN', 'ROLE_USER'])
+	def adminOrUser = {
+		render 'you have ROLE_ADMIN or ROLE_USER'
+	}
+}

grails-app/controllers/hacking/SecureController.groovy

@@ -0,0 +1,11 @@
+package hacking
+
+class OrgUser {
+
+	User user
+	Organization organization
+
+	static constraints = {
+		organization unique: 'user'
+	}
+}

grails-app/domain/hacking/OrgUser.groovy

@@ -0,0 +1,10 @@
+package hacking
+
+class Organization {
+
+	String name
+
+	static constraints = {
+		name unique: true, blank: false
+	}
+}