Last updated by gayatrivb 2 years ago

AuthorizeTagLib

ifAllGranted

Will display inner body content only if all of the listed roles are granted: 

<g:ifAllGranted role="ROLE_ADMIN,ROLE_SUPERVISOR">secure stuff here</g:ifAllGranted>
In a controller use the authenticateService: 
…
def authenticateService   // insert at the beginning of the class
…
def isAdmin = authenticateService.ifAllGranted('ROLE_ADMIN') // boolean, use in the method

ifAnyGranted

Will display inner body content if any of the listed roles are granted: 

<g:ifAnyGranted role="ROLE_ADMIN,ROLE_SUPERVISOR">secure stuff here</g:ifAnyGranted>

ifNotGranted

Will display inner body content if none of the listed roles are granted: 

<g:ifNotGranted role="ROLE_USER">non-user stuff here</g:ifNotGranted>

loggedInUserInfo

Displays the value of the specified domain user class field if logged in. For example this will show the user's username property: 

<g:loggedInUserInfo field="username"/>  // as a gtag
${loggedInUserInfo(field:'username')}   // as a GString-expression

isLoggedIn

Will display inner body content if the user is authenticated: 

<g:isLoggedIn>content for logged in user</g:isLoggedIn>

isNotLoggedIn

Will display inner body content if the user is not authenticated: 

<g:isNotLoggedIn>content for anonymous (not logged in) user</g:isNotLoggedIn>

AuthBase

AuthBase.groovy is a sample Controller base class that can optionally be used to share common security-related functionality between secured controllers. Some features include:

  • dependency injection for AuthenticateService
  • allows specification per-controller of required roles to access the controller (see the 'requestAllowed' field)
  • provides Locale resolution
  • turns off caching

AuthenticateService

A Service class that provides some security utility functions. Has some (deprecated) overlap with AuthorizeTagLib, but also provides these methods:

  • principal() to retrieve the currently logged in user's Principal
  • userDomain() to retrieve the currently logged in user's Domain class
  • getSecurityConfig() to retrieve the security configuration (DefaultSecurityConfig attributes merged with SecurityConfig attributes)
  • encodePassword(String passwd) to encode the given password
  • isLoggedIn() returns true if the current user is logged in, false otherwise
Sample usage: 
class SimpleController {
   def authenticateService
   def simpleAction = {
      def principal = authenticateService.principal()
      println principal.getUsername()//get username
      println principal.getAuthorities()//get authorities
   }
}

Problems ..

If, for some reason, the tags appear not to be working, try printing the roles out through taglib. Something like: in AuthorizeTaglib.groovy - 

def ifAnyGranted = { attrs, body ->
	   System.out.println("${attrs.role}")
           …
        }
The AuthorizeTools.parseAuthoritiesString() method, which is called in ifAnyGranted/ifNotGrated/ifAllGranted expects a comma-separated value as parameter. See if you are passing the right authorities or not.