grails-spring-security-oauth2's Introduction

Spring Security OAuth2 Plugin

Main differences with the Grails 2 plugin:

Documentation

User Guide

Installation

For Grails 5.3+

Add the following dependencies in build.gradle

dependencies {
...
    implementation 'org.grails.plugins:spring-security-core:5.2.1'
    implementation 'org.grails.plugins:spring-security-oauth2:3.0.0'
...
}

You will also need at least one provider extension, for example the grails-spring-security-oauth2-google plugin. Change the version to reflect the actual version you would like to use.

You can configure the following parameters in your application.yml. This is fully optional.

grails:
    plugin:
        springsecurity:
            oauth2:
                active: true    # Whether the whole plugin is active or not
                registration:
                    askToLinkOrCreateAccountUri: '/oauth2/ask' # The URI that is called to ask the user to either create a new account or link to an existing account
                    roleNames: ['ROLE_USER'] # A list of role names that should be automatically granted to an OAuth user. The roles will be created if they do not exist

Once you have a User domain class, initialize this plugin by using the init script:

grails init-oauth2 <domain-class-package> <user-class-name> <oauthid-class-name>

For example:

grails init-oauth2 com.yourapp User OAuthID

That will create the domain class com.yourapp.OAuthID.

Finally add:

static hasMany = [oAuthIDs: OAuthID]

to your user domain class.

Extensions

List of known extensions

How to create a new provider plugin

  1. Create a new plugin with grails create-plugin spring-security-oauth2-myProvider
  2. Add the following plugins as dependencies in build.gradle:
    • compileOnly 'org.grails.plugins:spring-security-core:3.+'
    • compileOnly 'org.grails.plugins:spring-security-oauth2:1.1.+'
  3. Create a service in your plugin that extends OAuth2AbstractProviderService and implement the abstract methods. You can override the other methods for fine-tuning if needed.

License

Apache 2

grails-spring-security-oauth2's People

Contributors

aitmanas, chenmins, guillermocalvo, matrixcrawler, puneetbehl, renovate[bot], tucker-bluesage, tylervz, yohannrub

grails-spring-security-oauth2's Issues

Internal URLs cannot be used as oauth provider

The default instance of UrlValidator prevents us from using intranet domain names, which are not compliant with the URL validator. For example, dev.somewhere.local is invalid because local is not a valid TLD.

class SpringSecurityOAuth2Controller {
...
    def authenticate() {
        String providerName = params.provider
        if (StringUtils.isBlank(providerName)) {
            throw new OAuth2Exception("No provider defined")
        }
        log.debug "authenticate ${providerName}"
        String url = springSecurityOauth2BaseService.getAuthorizationUrl(providerName)
        log.debug "redirect url from s2oauthservice=${url}"

        // You cannot use internal/local urls because of this line
        if (!UrlValidator.instance.isValid(url)) {
            flash.message = "Authorization url for provider '${providerName}' is invalid."
            redirect(controller: 'login', action: 'index')
            // Stop here: a second redirect() on the same response would fail
            return
        }
        redirect(url: url)
    }
...
}

Is it possible/reasonable to omit the validation or make it configurable, e.g. by injecting the validator?
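
One way to make this check configurable, shown as an added example that is not part of the issue or of the plugin's code: instead of TLD-based validation, compare the authorization URL against an exact-match allowlist of provider hosts. AuthorizationUrlChecker and allowedHosts are hypothetical names, and the host values are constructed samples.

```groovy
// Added example, not plugin code. AuthorizationUrlChecker and allowedHosts are
// hypothetical; in an application the host list would come from configuration.
class AuthorizationUrlChecker {

    /** Lower-cased host names the application may redirect to for authorization. */
    final Set<String> allowedHosts

    AuthorizationUrlChecker(Collection<String> hosts) {
        allowedHosts = hosts.collect { it.toLowerCase(Locale.ROOT) }.toSet()
    }

    boolean isAllowed(String url) {
        URI uri
        try {
            uri = new URI(url)
        } catch (URISyntaxException | NullPointerException ignored) {
            return false
        }
        // Require an absolute https URL with a parseable host and no user-info part
        if (!'https'.equalsIgnoreCase(uri.scheme) || !uri.host || uri.rawUserInfo) {
            return false
        }
        // Exact host match: an internal name passes only if it was configured
        allowedHosts.contains(uri.host.toLowerCase(Locale.ROOT))
    }
}

// Constructed sample values
def checker = new AuthorizationUrlChecker(['dev.somewhere.local'])
assert checker.isAllowed('https://dev.somewhere.local/oauth2/authorize?client_id=abc')
assert !checker.isAllowed('http://dev.somewhere.local/oauth2/authorize')        // not https
assert !checker.isAllowed('https://dev.somewhere.local.example.com/authorize')  // different host
assert !checker.isAllowed('https://user@dev.somewhere.local/authorize')         // user-info present
assert !checker.isAllowed('/login/index')                                       // relative URL
```

An exact-match allowlist accepts intranet names without loosening the check to arbitrary hosts, so the redirect target stays limited to the providers the application was configured for.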

Doc: How to run the init-oauth2 command with Grails 6

Docs say:

grails init-oauth2 <domain-class-package> <user-class-name> <oauthid-class-name>

However, that does not work. I tried with:

 ./gradlew runCommand "-Pargs=init-oauth2 com.yourapp User OAuthID"

Similar to what we tell users to do in spring security core.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update gradle/gradle-build-action action to v3

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
.github/workflows/docs.yml
  • actions/checkout v4
  • actions/setup-java v4
  • actions/checkout v4
  • gradle/gradle-build-action v2
  • grails/github-pages-deploy-action v2
.github/workflows/gradle.yml
  • actions/checkout v4
  • actions/setup-java v4
  • gradle/gradle-build-action v2
  • actions/checkout v4
  • actions/setup-java v4
  • gradle/gradle-build-action v2
.github/workflows/release-notes.yml
  • actions/checkout v4
  • release-drafter/release-drafter v5.25.0
  • ncipollo/release-action v1
.github/workflows/release.yml
  • actions/checkout v4
  • actions/setup-java v4
  • gradle/gradle-build-action v2
  • actions/upload-artifact v4
  • gradle/gradle-build-action v2
  • actions/checkout v4
  • actions/setup-java v4
  • actions/checkout v4
  • gradle/gradle-build-action v2
  • actions/setup-java v4
  • actions/checkout v4
  • gradle/gradle-build-action v2
  • grails/github-pages-deploy-action v2
gradle
gradle.properties
  • org.grails:grails-gradle-plugin 6.1.1
settings.gradle
  • com.gradle.enterprise 3.16.2
  • com.gradle.common-custom-user-data-gradle-plugin 1.12.1
build.gradle
  • org.asciidoctor:asciidoctor-gradle-jvm 4.0.1
  • io.github.gradle-nexus.publish-plugin 1.3.0
  • javax.servlet:javax.servlet-api 4.0.1
  • com.github.scribejava:scribejava-apis 8.3.3
  • org.grails.plugins:spring-security-core 6.1.1
  • cglib:cglib-nodep 3.3.0
  • com.github.javaparser:javaparser-core 3.25.8
gradle-wrapper
gradle/wrapper/gradle-wrapper.properties
  • gradle 7.6.3

  • Check this box to trigger a request for Renovate to run again on this repository

Grails 4 support

Please indicate when this plugin will be upgraded to support Grails 4.

Connect to multiple providers

Hi!
Is there a way to connect to multiple OAuth2 providers with this plugin?

I'm creating a sample project to connect to 2 (or more) different OKTA accounts, this is something like what I'm trying to do:

application.yml (inside my grails app):

plugin:
    springsecurity:
        oauth2:
            active: true
            registration:
                roleNames: ['ROLE_USER']
            providers:
                okta:
                    api_key: 'XXXXXXXXX'
                    api_secret: 'XXXXXXXXX'
                    userInfoUrl: 'https://dev-XXXXXXXXX.okta.com/oauth2/default/v1/userinfo'
                    authorizeUrl: 'https://dev-XXXXXXXXX.okta.com/oauth2/default/v1/authorize'
                    tokenUrl: 'https://dev-XXXXXXXXX.okta.com/oauth2/default/v1/token'
                    scopes: 'email profile openid'
                okta:
                    api_key: 'YYYYYYYYYY'
                    api_secret: 'YYYYYYYYYY'
                    userInfoUrl: 'https://dev-YYYYYYYYYY.okta.com/oauth2/default/v1/userinfo'
                    authorizeUrl: 'https://dev-YYYYYYYYYY.okta.com/oauth2/default/v1/authorize'
                    tokenUrl: 'https://dev-YYYYYYYYYY.okta.com/oauth2/default/v1/token'
                    scopes: 'email profile openid'

Thanks and regards!
