Spring Security Taobao Plugin
Dependency:
    compile ":spring-security-taobao:1.1"
Custom repositories:
    mavenRepo "http://snapshots.repository.codehaus.org/"
    mavenRepo "http://repository.codehaus.org/"
    mavenRepo "http://download.java.net/maven/2/"
    mavenRepo "http://repository.jboss.com/maven2/"
Summary
Taobao Open API authentication support for the Spring Security plugin.
Installation
grails install-plugin spring-security-taobao
Description
Grails plugin for Taobao Open API authentication (Grails Taobao API authentication plugin), an extension to the Grails Spring Security Core plugin.
Information
Sources: https://bitbucket.org/mingidea/grails-spring-security-taobao
Author Email: simon.r.leung#gmail.com
Requirements:
- grails 2.0
- spring-security-core plugin 1.2.7+
Configuration
Configure Taobao app keys and app secrets (/conf/Config.groovy):
    grails.plugins.springsecurity.taobao.appSecretMap = ['app_key' : 'app_secret']
Configure the Taobao authentication DAO bean (/conf/spring/resources.groovy):
    beans = {
        taobaoAuthenticationDao(GormTaobaoAuthenticationDao)
    }
TaobaoAuthenticationDao Interface
You must implement this interface to supply your authentication logic. Abstract methods:
    TaobaoUser find(String nick, String appKey)
Called on every authorization attempt. Must return the existing user (an instance of the TaobaoUser class) if the user already exists in the database, or null if the user does not exist yet, in which case it will be created.
    void update(TaobaoUser taobaoUser)
Called when the user's session has changed.
    void create(TaobaoUser taobaoUser)
Called when the authenticated Taobao user does not exist yet (when find has returned null). This is the place to prepare all domain objects for your user, fill in user roles, etc.
    UserDetails getPrincipal(TaobaoUser taobaoUser)
Called to get the actual user. Returns an instance of UserDetails.
Example
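Scenario: a Company has many Shops, and a Shop has many ApiTokens (apiKey and apiSecret). Code:
    import org.springframework.security.core.userdetails.UserDetails
    import org.springframework.security.core.userdetails.UserDetailsService
    // TaobaoUser and TaobaoAuthenticationDao come from the plugin; Company, Shop,
    // ApiToken, User, Role and Resource are this application's own domain classes.

    class GormTaobaoAuthenticationDao implements TaobaoAuthenticationDao {
        static final String USERNAME_SUFFIX = '@taobao'
        UserDetailsService userDetailsService

        // Look up the stored token for this Taobao nick and app key; null means "not known yet".
        TaobaoUser find(String nick, String appKey) {
            ApiToken apiToken = ApiToken.findByUserIdAndAppId(nick, appKey)
            return apiToken ? new TaobaoUser(apiToken.userId, apiToken.appId, apiToken.token) : null
        }

        // First login: create the company, shop, local user, role and token in one transaction.
        void create(TaobaoUser taobaoUser) {
            Company.withTransaction { status ->
                String nick = taobaoUser.nick
                // This scenario gives the new role every Resource; grant a narrower
                // set if new users should not have access to everything.
                List resources = Resource.findAll()
                Role role = new Role(name: 'user', resources: resources)
                User user = new User(username: nick + USERNAME_SUFFIX, enabled: true, role: role)
                Shop shop = new Shop(originalId: nick)
                ApiToken apiToken = new ApiToken(userId: nick, appId: taobaoUser.appKey, token: taobaoUser.session)
                shop.addToApiTokens(apiToken)
                Company company = new Company()
                company.addToShops(shop)
                company.addToUsers(user)
                company.addToRoles(role)
                company.save()
                status.flush()
            }
        }

        // The Taobao session changed: store the new session key on the existing token.
        void update(TaobaoUser taobaoUser) {
            ApiToken apiToken = ApiToken.findByUserIdAndAppId(taobaoUser.nick, taobaoUser.appKey)
            if (apiToken) {
                ApiToken.withTransaction { status ->
                    apiToken.token = taobaoUser.session
                    // Save explicitly rather than relying on dirty checking at commit.
                    apiToken.save()
                }
            }
        }

        // Map the Taobao user to the local Spring Security principal.
        UserDetails getPrincipal(TaobaoUser taobaoUser) {
            return userDetailsService.loadUserByUsername(taobaoUser.nick + USERNAME_SUFFIX)
        }
    }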
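The Configuration step above writes the app secret as a literal in Config.groovy, which puts it in the source tree. The following added example (not from the plugin or its author) builds the same appSecretMap from the environment instead; the variable name TAOBAO_APP_SECRETS and its "appKey:appSecret" pair format are assumptions made for illustration.

```groovy
// grails-app/conf/Config.groovy

// Weak: the app secret is committed together with the source.
// grails.plugins.springsecurity.taobao.appSecretMap = ['app_key' : 'app_secret']

// Assumption: TAOBAO_APP_SECRETS is a hypothetical environment variable set by
// the deployment, holding comma-separated "appKey:appSecret" pairs, e.g.
// (constructed sample) TAOBAO_APP_SECRETS="12345678:s3cr3tA,87654321:s3cr3tB"
def parseTaobaoSecrets = { String raw ->
    if (!raw?.trim()) {
        // Fail at startup instead of running with an empty secret map.
        throw new IllegalStateException('TAOBAO_APP_SECRETS is not set')
    }
    raw.tokenize(',').collectEntries { String pair ->
        def parts = pair.trim().split(':', 2)
        if (parts.size() != 2 || !parts[0] || !parts[1]) {
            // Say only that a pair is malformed; never echo secret material.
            throw new IllegalStateException('TAOBAO_APP_SECRETS has a malformed pair')
        }
        // Parentheses make Groovy use the value of parts[0] as the map key.
        [(parts[0]): parts[1]]
    }
}

def taobaoSecrets = parseTaobaoSecrets(System.getenv('TAOBAO_APP_SECRETS'))
grails.plugins.springsecurity.taobao.appSecretMap = taobaoSecrets
```

The resulting map has the same shape as the literal form, so the rest of the plugin configuration is unchanged.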