Tag Archives: Security

Grails ldap integration with Active Directory via spring-security-ldap

The spring-security-ldap plugin has great documentation. I put together a working example (at least in my environment) to complement the docs. When I was tasked with integrating our Grails apps with Active Directory, I remember there being a scarcity of examples, so I hope this code will save you some time in getting LDAP working with Active Directory in your Grails environment.

Important files

grails-app/conf/Config.groovy
src/groovy/com/javazquez/ldapexample/MyUserDetailsContextMapper.groovy
src/groovy/com/javazquez/ldapexample/MyUserDetails.groovy
grails-app/conf/spring/resources.groovy

Once you have your Active Directory configurations entered (grails-app/conf/Config.groovy), fire up your app and test it out by logging in via the login controller.

Notes

  • You may have to update MyUserDetailsContextMapper.groovy as my Active Directory environment may differ from yours.
  • You may also want to update MyUserDetails.groovy to hold more or less info than my config.

-JV

Activiti GET/POST REST requests with Groovy

I have been working with Activiti lately and needed to test the REST API included with the demo. Below are the GET and POST requests I whipped up using Groovy. Hope you find this useful 🙂


//---Get Request
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.5.0' )
import groovyx.net.http.RESTClient

def client = new RESTClient('http://localhost:8080/activiti-rest/service/process-engine')
// Build the Basic auth header by hand: base64 of "user:password".
// Base64 is an encoding, not encryption, so use HTTPS for anything beyond a local demo.
println client.get(headers:[Authorization:"Basic ${'kermit:kermit'.bytes.encodeBase64()}"]).data

// output
[name:default, exception:null, version:5.7, resourceUrl:jar:file:/Users/juanvazquez/Documents/activiti-5.7/apps/apache-tomcat-6.0.32/webapps/activiti-rest/WEB-INF/lib/activiti-cfg.jar!/activiti.cfg.xml]


// POST request
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.5.0' )
import static groovyx.net.http.ContentType.JSON

// Build the JSON login body: {"userId":"kermit","password":"kermit"}
def jsonObj = new groovy.json.JsonBuilder()
jsonObj {
  userId 'kermit'
  password 'kermit'
}
def client = new groovyx.net.http.RESTClient('http://localhost:8080/activiti-rest/service/login')
// The credentials travel in the request body, in the clear over plain HTTP
def response = client.post(contentType: JSON, body: jsonObj.toString())

println response.data

//output
[success:true]

Login with Basic Authentication using Groovy

Hey there fellow Groovyists! I was recently in need of performing Basic Authentication on Apache using Groovy for a proof of concept. Below is what I was able to quickly put together.

// Here is a quick Groovy 1.7.4 Basic Auth example
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.5.0' )

def authSite = new groovyx.net.http.HTTPBuilder( 'http://10.110.201.115/~juanvazquez/basicAuth/' )
// Register the Basic auth credentials with the client before making the request
authSite.auth.basic 'user', 'pwd'
println authSite.get( path:'testAuth.html' )

su vs. “su -” The Mystery Revealed

Inquiring minds want to know, what is this su - and why is it different than su? Well, if you are like me, you didn’t even know that su - existed. I ran into this problem when I was trying to add a new user to a new Linux machine. Remote root login was disabled (for obvious reasons :D) and I was logged in with my regular non-privileged user account. Well, normally the story goes like this…

  1. su
  2. Authenticate
  3. useradd account
  4. set password
  5. log out of privileged account
  6. Take coffee break from all the hard work and call it a day

Not so today :( . When I attempted to run step three (useradd), I received a command not found error. “That’s weird,” I thought. How could a machine not have this basic command? I looked in the bin directory to see if it was some kind of path error I was having. Thinking that this was the case, I was shocked to see that none of the user commands (adduser, usermod, deluser) were there.

After a few minutes of scratching my head, I asked someone more versed in Linux than I what they thought. After walking through each of the steps I had taken, my mistake was easily spotted. I hadn’t added the ‘-’ to the su command. Thinking that the explanation was weird, I checked with Google for the su - command. Sure enough, the link to Wikipedia had this to say about it,

Optionally, you can use a hyphen with su to invoke a login shell and assume the target user’s complete user environment:

I am glad I had someone to point this out to me… It could have been a longer and very frustrating ordeal. It was also a lesson for me to refer more to the man pages (it had the answer there too). I hope this blog entry helps someone else who is confronted with this situation.
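
The lookup failure described above can be reproduced without root. This is an added example, not code from the original post: it builds a throwaway directory tree and resolves useradd against two PATH values. The sandbox layout, the two PATH strings and the function names are assumptions chosen to mirror a typical Linux system where the user-management tools live in an sbin directory.

```shell
# Added example: why `useradd` was "command not found" after plain `su`.
# Everything runs in a constructed sandbox; no real su or root is involved.

# resolve_in CMD PATHSTRING: print the first executable CMD found on the
# colon-separated PATHSTRING, or return 1 when no directory provides it.
resolve_in() (
    IFS=:
    set -f
    for dir in $2; do
        candidate=${dir:-.}/$1
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
)

# Constructed layout: ordinary tools in usr/bin, user management in usr/sbin.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/sbin"
    for f in usr/bin/ls usr/sbin/useradd usr/sbin/usermod; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

# Assumed PATH after plain `su`: still the unprivileged caller's value.
caller_path() { printf '%s\n' "$1/usr/local/bin:$1/usr/bin"; }
# Assumed PATH after `su -`: root's login environment, sbin included.
login_path()  { printf '%s\n' "$1/usr/local/sbin:$1/usr/sbin:$1/usr/bin"; }

demo() {
    sb=$(make_sandbox) || return 1
    for mode in caller login; do
        p=$("${mode}_path" "$sb")
        if hit=$(resolve_in useradd "$p"); then
            echo "$mode PATH: useradd -> ${hit#"$sb"}"
        else
            echo "$mode PATH: useradd: command not found"
        fi
    done
    rm -rf "$sb"
}

demo
```

On a real machine, comparing the output of `echo "$PATH"` after su and after su - shows the same difference.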