tags:

views:

76

answers:

1
+1  Q: 

Grails filters: can't make it work !

Hi,

Im trying to write a Filter for my web-app. I read [the documentation][1], and wrote this dummy filter in my grails-app/conf directory

class SecurityFilters {
   def filters = {
       someFilter(controller:'*',action:'*') {

              write('Filtering')

       }
   }
}

Next thing I do is set a breakpoint on the write statement, but it just doesn't stop there.

Do I need to "register" this filter or anything? Spring may be bodering?

From this question, it doesn't look like it.

Maybe i'm doing something wrong, or overlooked anything?

update

class SecurityFilters {
   def filters = {

       all(controller:'*',action:'*') {
        before={
              println 'Filtering'
              return false
        }
       }
   }
}

Thanks in advance.

[1]: http://www.grails.org/doc/1.3.x/guide/single.html#6.6 Filters

+1  A: 

Two problems. One is there's no 'write' method - change it to 'println' and it should work. But a filter is comprised of some combination of before, after, and afterView sub-closures, so what you really want is

class SecurityFilters {
   def filters = {
      someFilter(controller:'*',action:'*') {
         before = {
            println 'Filtering'
         }
      }
   }
}

But if you're really creating a security filter, please don't. It's too easy to do this incorrectly. The Spring Security Core and Shiro plugins have plenty of features and are easy to configure and use.

Burt Beckwith  2010-08-31 18:57:13
Still nothing :( . On ss -core and shiro, i don't think they can do what I need, its highly dependant on data and my database structure. Something on the lines of "if this user belongs to this organization, then grant access"
Tom  2010-08-31 19:09:03
i agree with Burt, you should use one of the existing plugins, they can be customize to utilize your own data structures
Aaron Saunders  2010-08-31 22:33:03
@Aaron All I see is ROLES and USERS, but nothing else :(
Tom  2010-09-01 13:52:21
Ok, I got it working. Turns out that the class name was SecurityFilters, but the file name was SecurityFilter. Refactored the file and voila!. Thank you.
Tom  2010-09-01 14:18:00
@Tom you can customize what user details are evaluated during the authentication process take a look at this http://www.grails.org/AcegiSecurity+Plugin+-+Custom+UserDetailsService
Aaron Saunders  2010-09-01 15:36:49
You wouldn't want to use the Acegi plugin, it's basically deprecated since all work is being done on the Spring Security Core plugin and its extension plugins. See section 11 in http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/ for the custom UserDetailsService writeup. You can also easily create a custom AuthenticationProvider that provides a more low-level hook into the authentication process.
Burt Beckwith  2010-09-01 16:24:59

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security