
Creating RESTful API’s with Grails and Spring Security

In this talk I will cover how to create a REST API using Grails 2.3 to support single-page applications, exploring all the possible alternatives.

Code is available at https://github.com/alvarosanchez/restful-grails-springsecurity-greach2014

I will also explain how to integrate Spring Security using the spring-security-rest plugin I recently created, to implement a stateless, token-based, RESTful authentication.

Published in: Software
3 Comments
  • Hi! You have the example project in some place? Thank you!
  • Yes, the video is available at http://greach.es/speakers/alvaro-sanchez-mariscal-creating-restful-apis-with-grails-and-spring-security/
  • This looks really interesting - exactly what I was just researching. Is there a full presentation recording that could be referenced?

Creating RESTful API’s with Grails and Spring Security

  1. Creating RESTful API’s with Grails and Spring Security. Álvaro Sánchez-Mariscal, Web Architect – odobo, @alvaro_sanchez
  2. About me
     • Passionate software developer.
     • Founded Salenda in 2005.
     • Co-founded Escuela de Groovy in 2009.
     • Groovy/Grails lover since 2007.
     • Working now at Odobo as Web Architect.
  3. • HTML5 games platform for:
       • Game developers.
       • Casinos.
     • Check out https://play.odobo.com and try for free!
  4. Different approaches
     • Using just @Resource.
     • With uri attribute.
     • With explicit UrlMappings.
  5. Demo: step1 … step2
  6. Different approaches
     • Creating explicitly a controller and extending RestfulController.
     • Defining just the constructor.
     • Implementing actions based on the URL mappings report.
  7. Demo: step3 … step4
  8. Different approaches
     • Scaffolding (but don’t tell your mother).
  9. Customizing response
     • Customize default renderers.
     • Register custom marshallers.
     • Use Hypermedia (and fasten your seat belts!).
     • Use Dan Wood’s rest-renderers plugin.
  10. Demo: step5 … step7
  11. Adding Spring Security. Motivation: we need to break down the traditional, monolithic Grails applications, in 2 different apps:
      1. A pure HTML5/Javascript frontend.
      2. A mere RESTful Grails backend.
  12. Adding Spring Security. Issue: The existing Spring Security plugins would not work with a RESTful, browser-based client.
  13. REST is much more than just returning JSON.
  14. RESTful is about* Client / server. Stateless. Cacheable. Layered. (* Source: Wikipedia.)
  15. Meet Spring Security REST: A stateless, token-based authentication for your RESTful API’s
  16. Authentication
  17. Demo
  18. Invoking a protected resource
  19. Demo
  20. Authentication Endpoint
      • Uses the default authenticationManager bean, which in turn uses all the registered authentication providers.
      • Receives username and password, and generates a customizable JSON response.
  21. Authentication Endpoint
      • Credentials can be extracted from:
        1. Request parameters.
        2. A JSON payload.
        3. Any custom implementation
  22. Token Generation
      • 2 strategies out-of-the-box:
        1. Using java.security.SecureRandom (default).
        2. Using java.util.UUID.
      • A custom implementation can be plugged.
  23. Token Storage
      • In Memcached (default).
      • Using GORM.
      • Write your own.
  24. Token Storage
  25. Token Validation
      • If the token header (X-Auth-Token by default) is present, the request will be validated.
      • Otherwise, the plugin won’t participate in the filter chain.
  26. Token Validation
      • If the passed token exists on the token storage, the principal will be stored on the security context.
      • It can be retrieved using springSecurityService.principal
  27. CORS support
      • Grails doesn’t support CORS (vote for GRAILS-10914).
      • This plugin comes prepackaged with cors plugin.
  28. Demo
  29. OAuth support
  30. OAuth support
  31. Demo
  32. DevQA: make your testers happier with Groovy, Spock and Geb. Tomorrow, 17:15
  33. Thanks! Álvaro Sánchez-Mariscal, Web Architect – odobo, @alvaro_sanchez, alvarosanchez
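
The token flow described on slides 20-26, as an added Groovy sketch that is not code from the talk or from the spring-security-rest plugin. The class and method names, the in-memory map standing in for Memcached or GORM, the 30-minute token lifetime and the SKIP/OK/REJECT outcomes are assumptions made for illustration.

```groovy
import java.security.SecureRandom
import java.util.concurrent.ConcurrentHashMap

// Added sketch: hypothetical names, not the plugin's API. User and tokens are constructed.
class TokenAuthSketch {
    static final String HEADER = 'X-Auth-Token'    // default header named on slide 25
    static final long TTL_MS = 30 * 60 * 1000L     // assumed lifetime, not from the slides
    private final SecureRandom random = new SecureRandom()
    private final Map<String, Map> store = new ConcurrentHashMap<>()  // stand-in token storage

    // Slide 22, strategy 1: 256 bits from SecureRandom, hex-encoded.
    // (The UUID strategy would yield 122 random bits via UUID.randomUUID().)
    String generateToken() {
        byte[] raw = new byte[32]
        random.nextBytes(raw)
        raw.encodeHex().toString()
    }

    // Slide 20: called once the authentication manager has accepted the credentials.
    String issue(String username, long now = System.currentTimeMillis()) {
        String token = generateToken()
        store[token] = [principal: username, expires: now + TTL_MS]
        token
    }

    // Slides 25-26: SKIP when the header is absent (the filter does not participate),
    // OK plus the principal when the token is stored and fresh, REJECT otherwise.
    Map validate(Map<String, String> headers, long now = System.currentTimeMillis()) {
        String token = headers[HEADER]
        if (token == null) return [status: 'SKIP']
        Map entry = store[token]
        if (entry == null) return [status: 'REJECT']
        if (entry.expires <= now) {
            store.remove(token)                    // evict expired tokens on lookup
            return [status: 'REJECT']
        }
        [status: 'OK', principal: entry.principal]
    }
}

def auth = new TokenAuthSketch()
String token = auth.issue('alice')
long later = System.currentTimeMillis() + TokenAuthSketch.TTL_MS + 1
assert token ==~ /[0-9a-f]{64}/
assert auth.validate([:]).status == 'SKIP'
assert auth.validate([(TokenAuthSketch.HEADER): token]) == [status: 'OK', principal: 'alice']
assert auth.validate([(TokenAuthSketch.HEADER): 'forged']).status == 'REJECT'
assert auth.validate([(TokenAuthSketch.HEADER): token], later).status == 'REJECT'
```

Because the server keeps no HTTP session, the token alone identifies the caller, so its unpredictability and lifetime carry the full weight of authentication.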