Spring security and sessionRegistry on grails

How to configure sessionRegistry in grails project. How to get list of online users (currently loggedin users) in grails.

Integrating spring security on your Grail project is very easy. You just need to add a plugin into the build config file and it's ready to go. Additionaly you have to configure minimal things on the Config.groovy file. For eg: configure Use, Role, User role mapping domain classes. Also you can add some access rules. Here is the simple example.

grails.plugin.springsecurity.userLookup.userDomainClassName = 'User'
grails.plugin.springsecurity.authority.className = 'Role'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'UserRole'

grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.useBasicAuth = true
grails.plugin.springsecurity.basic.realmName = "API"

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
  //    '/**/**':                         ['ROLE_USER','ROLE_ADMIN','IS_AUTHENTICATED_ANONYMOUSLY'],
        '/':                              ['ROLE_USER','ROLE_ADMIN'],
        '/index':                         ['ROLE_USER','ROLE_ADMIN'],
        '/index.gsp':                     ['ROLE_USER','ROLE_ADMIN'],
        '/**/js/**':                      ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/**/css/**':                     ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/**/images/**':                  ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/**/favicon.ico':                ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/**/**':                         ['ROLE_ADMIN'],

]

I did the same and my Grail based web application startled authenticating and authorizing right away.

sessionRegistry

You want to show list of currently logged in users (online users) on your web application. sessionRegistry context from the spring security can be used to get all the user principals who have active session on the web context.

sessionRegistry.getAllPrincipals()

Here is how to use sessionRegistry in grails project that uses spring secuirty.

Locate the spring/resources.groovy file and add the following injection code.

resources.groovy

		import org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy
import org.springframework.security.web.session.ConcurrentSessionFilter
import org.springframework.security.core.session.SessionRegistryImpl
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

beans = {

    sessionRegistry(SessionRegistryImpl)

    sessionAuthenticationStrategy(ConcurrentSessionControlStrategy, sessionRegistry) {
        maximumSessions = -1
    }

    concurrentSessionFilter(ConcurrentSessionFilter){
        sessionRegistry = sessionRegistry
        expiredUrl = '/login/concurrentSession'
    }
}  

Next you have to add listener on web.xml file.

web.xml

		 <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener> 

To enable editing on web.xml file you need to generate it though install-templates command using grails command line.

Now you can use sessionRegistry from any grail controller. Here is the example code.

		def sessionRegistry



  
def users= new ArrayList<User>(sessionRegistry.getAllPrincipals())
 

Like us

See also

Advantages of Java SE 8

What of the benefits of using Java 8? How can you get benefits from using Java 8 on your applications. Should you upgrade to Java 8?

Email Confirmation Example: Grails

Email confirmation example on Grails application.

Infinite scrolling with jquery plugin jscroll

Endless scrolling is today's trend, alternative to the traditional paging method. This tutorial guides you how to use jquery plugin to implement it and still accessible by search engines.