
Key: GRAILSPLUGINS-1209
Type: Improvement
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Graeme Rocher
Reporter: Tomas Lin
Votes: 1
Watchers: 1
Grails Plugins

Allow user to enable https and set role-based access permissions ( basic or admin )

Created: 31/May/09 06:03 PM   Updated: 13/Jun/09 10:25 AM   Resolved: 12/Jun/09 01:06 PM
Component/s: Grails-AppEngine
Affects Version/s: None
Fix Version/s: None

Time Tracking:
Not Specified

File Attachments: 1. File securePatch.diff (3 kB)


Patch Submitted: Yes


Description

The attached patch lets you define the following properties in your config files:

google.appengine.sessionEnabled = true // default true
google.appengine.enableSsl = true // default true
google.appengine.security.useHttps = ["/secure", "/shoppingcart/*", "/admin"]
google.appengine.security.requireAdmin = ["/admin", "/notsecuredadmin"]
google.appengine.security.requireLogin = ["/admin", "/", "/yabbadabbadoo"]

Based on these definitions, it will provide access control for Google App Engine (like JSecurity / Spring Security) based on Google App Engine's security model.

Given that App Engine only allows * and admin roles (star means the user needs to be logged in, admin means the person needs to be an application admin), there is no need for more robust declaration of roles.

useHttps in the .appspot.com domain will redirect to https://appname.appspot.com

More on Google App Engine security here: http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication
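
The following is an added example, not the code in securePatch.diff (which is not shown on this page): it expresses the three lists from the description as the `<security-constraint>` elements documented on the linked web.xml page. The helper names `mergeRules` and `toWebXml` are hypothetical, and resolving a path that is listed under both requireLogin and requireAdmin to the admin role is an assumption of this example.

```groovy
import groovy.xml.MarkupBuilder

// Constructed sample input: the three lists from the description above.
def useHttps     = ["/secure", "/shoppingcart/*", "/admin"]
def requireAdmin = ["/admin", "/notsecuredadmin"]
def requireLogin = ["/admin", "/", "/yabbadabbadoo"]

// Hypothetical helper (not from the patch): fold the lists into one rule
// per URL pattern, so a path named in several lists gets a single constraint.
Map<String, Map> mergeRules(List https, List admin, List login) {
    def rules = new LinkedHashMap<String, Map>()
    def rule = { String p -> rules.get(p, [role: null, https: false]) }
    login.each { rule(it).role = "*" }       // "*" = any signed-in user
    admin.each { rule(it).role = "admin" }   // applied last: stricter role wins (assumption)
    https.each { rule(it).https = true }
    rules
}

// Hypothetical helper: render the merged rules as web.xml security constraints.
String toWebXml(Map<String, Map> rules) {
    def out = new StringWriter()
    def xml = new MarkupBuilder(out)
    xml.'web-app' {
        rules.each { pattern, r ->
            'security-constraint' {
                'web-resource-collection' {
                    'web-resource-name'(pattern)
                    'url-pattern'(pattern)
                }
                if (r.role) {
                    // App Engine accepts only "*" and "admin" as role names
                    'auth-constraint' { 'role-name'(r.role) }
                }
                if (r.https) {
                    // CONFIDENTIAL requires the request to arrive over HTTPS
                    'user-data-constraint' { 'transport-guarantee'('CONFIDENTIAL') }
                }
            }
        }
    }
    out.toString()
}

println toWebXml(mergeRules(useHttps, requireAdmin, requireLogin))
```

With the sample lists, "/admin" appears in all three, so it comes out as one constraint carrying the admin role and the CONFIDENTIAL transport guarantee, while "/secure" and "/shoppingcart/*" get the transport guarantee with no login requirement.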



Marcel Overdijk added a comment - 04/Jun/09 06:49 AM - edited

Yes, a DSL to secure URLs based on the Google Accounts API would be very welcome.


Graeme Rocher added a comment - 12/Jun/09 01:06 PM

Thanks for the patch


Marcel Overdijk added a comment - 13/Jun/09 10:25 AM

I have no patch, but maybe add something to the controller:

def secure = "*" // requires login
or
def secure = "admin" // requires admin login

This as an alternative/addition to:

google.appengine.security.requireAdmin = ["/admin", "/notsecuredadmin"]
google.appengine.security.requireLogin = ["/admin", "/", "/yabbadabbadoo"]

I'm not opening the issue, but what do you think?