
Spring Security Taobao Plugin

compile ":spring-security-taobao:1.1"
Custom repositories:
mavenRepo ""
mavenRepo ""
mavenRepo ""
mavenRepo ""



Taobao open api authentication support for the Spring Security plugin.


grails install-plugin spring-security-taobao


Grails plugin for Taobao Open API authentication (Grails Taobao API authentication plugin), an extension to the Grails Spring Security Core plugin.



Author Email:


  • grails 2.0
  • spring-security-core plugin 1.2.7+


Configure Taobao app keys and app secrets (/conf/Config.groovy): = ['app_key' : 'app_secret']

Configure the Taobao authentication DAO bean (/conf/spring/resources.groovy):

beans = {

TaobaoAuthenticationDao Interface

You must implement this interface for your authentication logic. Abstract methods:

TaobaoUser find(String nick, String appKey)

Called on every authorization attempt. Must return the existing user (an instance of the TaobaoUser class) if the user already exists in the database, or null if the user does not exist yet; in that case the user will be created.

void update(TaobaoUser taobaoUser)

Called when the user's session has changed.

void create(TaobaoUser taobaoUser)

Called when the authenticated Taobao user does not exist yet (when find has returned null). This is the place to prepare all domain objects for your user, fill in user roles, etc.

UserDetails getPrincipal(TaobaoUser taobaoUser)

Called to get the actual user. Returns an instance of UserDetails.


Scenario: a Company has many Shops, and a Shop has many ApiTokens (apiKey and apiSecret). Code:

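import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UserDetailsService

class GormTaobaoAuthenticationDao implements TaobaoAuthenticationDao {
    static final String USERNAME_SUFFIX = '@taobao'

    UserDetailsService userDetailsService

    // Look up the stored token for this Taobao nick and app key; null means "not registered yet".
    TaobaoUser find(String nick, String appKey) {
        ApiToken apiToken = ApiToken.findByUserIdAndAppId(nick, appKey)
        return apiToken ? new TaobaoUser(apiToken.userId, apiToken.appId, apiToken.token) : null
    }

    // First login: build the Company / Shop / ApiToken / User / Role graph in one transaction.
    void create(TaobaoUser taobaoUser) {
        Company.withTransaction { status ->
            String nick = taobaoUser.nick

            // Note: this gives the new user's role every Resource in the database;
            // narrow the list if new accounts should start with fewer rights.
            List resources = Resource.findAll()
            Role role = new Role(name: 'user', resources: resources)
            User user = new User(username: nick + USERNAME_SUFFIX, enabled: true, role: role)

            Shop shop = new Shop(originalId: nick)
            ApiToken apiToken = new ApiToken(userId: nick, appId: taobaoUser.appKey, token: taobaoUser.session)
            shop.addToApiTokens(apiToken)

            Company company = new Company()
            company.addToShops(shop)
            company.addToUsers(user)
            company.addToRoles(role)
            // The original snippet never saved the new Company, so nothing was persisted.
            company.save()

            status.flush()
        }
    }

    // Store the new Taobao session key on the existing token record.
    void update(TaobaoUser taobaoUser) {
        ApiToken apiToken = ApiToken.findByUserIdAndAppId(taobaoUser.nick, taobaoUser.appKey)
        if (apiToken) {
            ApiToken.withTransaction { status ->
                apiToken.token = taobaoUser.session
            }
        }
    }

    // Resolve the local account through Spring Security, using the suffixed username.
    UserDetails getPrincipal(TaobaoUser taobaoUser) {
        return userDetailsService.loadUserByUsername(taobaoUser.nick + USERNAME_SUFFIX)
    }
}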
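The call order in the method descriptions above can be exercised against a DAO without a database. The Groovy script below is an added example, not the plugin's or the author's code: TaobaoUser and TaobaoAuthenticationDao are stand-ins shaped after the calls on this page (getPrincipal returns a Map instead of UserDetails), and InMemoryTaobaoAuthenticationDao, signIn, ROLE_USER and the sample values are hypothetical.

```groovy
// Stand-ins shaped after the calls on this page; a real app uses the plugin's own types.
class TaobaoUser {
    String nick, appKey, session
    TaobaoUser(String nick, String appKey, String session) {
        this.nick = nick; this.appKey = appKey; this.session = session
    }
}
interface TaobaoAuthenticationDao {
    TaobaoUser find(String nick, String appKey)
    void update(TaobaoUser taobaoUser)
    void create(TaobaoUser taobaoUser)
    Object getPrincipal(TaobaoUser taobaoUser) // UserDetails in the plugin
}

class InMemoryTaobaoAuthenticationDao implements TaobaoAuthenticationDao {
    static final String USERNAME_SUFFIX = '@taobao'
    private final Map tokens = [:]        // [nick, appKey] -> TaobaoUser
    private final Map authorities = [:]   // username -> role names

    TaobaoUser find(String nick, String appKey) { tokens.get([nick, appKey]) }
    void create(TaobaoUser u) {
        tokens.put([u.nick, u.appKey], new TaobaoUser(u.nick, u.appKey, u.session))
        // Least privilege: one baseline role (constructed name), not every resource.
        authorities.put(u.nick + USERNAME_SUFFIX, ['ROLE_USER'])
    }
    void update(TaobaoUser u) {
        TaobaoUser stored = tokens.get([u.nick, u.appKey])
        if (stored) stored.session = u.session
    }
    Object getPrincipal(TaobaoUser u) {
        String username = u.nick + USERNAME_SUFFIX
        [username: username, authorities: authorities.get(username) ?: []]
    }
}

// Call order as the method descriptions state it (a sketch, not the plugin's filter code).
def signIn(TaobaoAuthenticationDao dao, String nick, String appKey, String session) {
    TaobaoUser current = new TaobaoUser(nick, appKey, session)
    TaobaoUser known = dao.find(nick, appKey)
    if (known == null) dao.create(current)
    else if (known.session != session) dao.update(current)
    dao.getPrincipal(current)
}

def dao = new InMemoryTaobaoAuthenticationDao()
def first = signIn(dao, 'alice', 'app-1', 'sess-A')      // constructed sample values
assert first.username == 'alice@taobao' && first.authorities == ['ROLE_USER']
signIn(dao, 'alice', 'app-1', 'sess-B')                  // session changed -> update
assert dao.find('alice', 'app-1').session == 'sess-B'
assert dao.find('alice', 'app-2') == null                // other app key: separate record
```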


spring events: