Creating RESTful API’s with Grails and Spring Security


In this talk I will cover how to create a REST API using Grails 2.3 to support single-page applications, exploring all the possible alternatives.

Code is available at https://github.com/alvarosanchez/restful-grails-springsecurity-greach2014

I will also explain how to integrate Spring Security using the spring-security-rest plugin I recently created, to implement a stateless, token-based, RESTful authentication.

Published in: Software

Creating RESTful API’s with Grails and Spring Security

  1. Creating RESTful API’s with Grails and Spring Security. Álvaro Sánchez-Mariscal, Web Architect – odobo, @alvaro_sanchez
  2. About me • Passionate software developer. • Founded Salenda in 2005. • Co-founded Escuela de Groovy in 2009. • Groovy/Grails lover since 2007. • Working now at Odobo as Web Architect.
  3. • HTML5 games platform for: • Game developers. • Casinos. • Check out https://play.odobo.com and try for free!
  4. Different approaches • Using just @Resource. • With uri attribute. • With explicit UrlMappings.
  5. Demo step1 … step2
  6. Different approaches • Creating explicitly a controller and extending RestfulController. • Defining just the constructor. • Implementing actions based on the URL mappings report.
  7. Demo step3 … step4
  8. Different approaches • Scaffolding (but don’t tell your mother).
  9. Customizing response • Customize default renderers. • Register custom marshallers. • Use Hypermedia (and fasten your seat belts!). • Use Dan Wood’s rest-renderers plugin.
  10. Demo step5 … step7
  11. Adding Spring Security. Motivation: we need to break down the traditional, monolithic Grails applications, in 2 different apps: 1. A pure HTML5/Javascript frontend. 2. A mere RESTful Grails backend.
  12. Adding Spring Security. Issue: The existing Spring Security plugins would not work with a RESTful, browser-based client.
  13. REST is much more than just returning JSON.
  14. RESTful is about* • Client / server. • Stateless. • Cacheable. • Layered. (* Source: Wikipedia.)
  15. Meet Spring Security REST: A stateless, token-based authentication for your RESTful API’s
  16. Authentication
  17. Demo
  18. Invoking a protected resource
  19. Demo
  20. Authentication Endpoint • Uses the default authenticationManager bean, which in turn uses all the registered authentication providers. • Receives username and password, and generates a customizable JSON response.
  21. Authentication Endpoint • Credentials can be extracted from: 1. Request parameters. 2. A JSON payload. 3. Any custom implementation.
  22. Token Generation • 2 strategies out-of-the-box: 1. Using java.security.SecureRandom (default). 2. Using java.util.UUID. • A custom implementation can be plugged.
  23. Token Storage • In Memcached (default). • Using GORM. • Write your own.
  24. Token Storage
  25. Token Validation • If the token header (X-Auth-Token by default) is present, the request will be validated. • Otherwise, the plugin won’t participate in the filter chain.
  26. Token Validation • If the passed token exists on the token storage, the principal will be stored on the security context. • It can be retrieved using springSecurityService.principal
  27. CORS support • Grails doesn’t support CORS (vote for GRAILS-10914). • This plugin comes prepackaged with cors plugin.
  28. Demo
  29. OAuth support
  30. OAuth support
  31. Demo
  32. DevQA: make your testers happier with Groovy, Spock and Geb. Tomorrow, 17:15
  33. Thanks! Álvaro Sánchez-Mariscal, Web Architect – odobo, @alvaro_sanchez, alvarosanchez
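
The token flow from slides 20 to 26 (login, SecureRandom token generation, storage, validation keyed on X-Auth-Token), modelled in plain Groovy as an added example; it is not code from the talk or from the spring-security-rest plugin. The class and method names, the in-memory map standing in for the token storage, the 32-byte token length, the demo credentials and the rejection of unknown tokens are assumptions.

```groovy
import java.security.SecureRandom
import java.util.concurrent.ConcurrentHashMap

// Illustrative model only: names are hypothetical, not the plugin's API.
class TokenAuthSketch {
    // Default header name, as stated on the Token Validation slide
    static final String TOKEN_HEADER = 'X-Auth-Token'

    private final SecureRandom random = new SecureRandom()
    // In-memory stand-in for the token storage (slides: Memcached by default, or GORM)
    private final Map<String, String> storage = new ConcurrentHashMap<String, String>()
    // Constructed demo credentials; the real endpoint delegates to authenticationManager
    private final Map<String, String> users = [alice: 's3cret-demo']

    /** Authentication endpoint: returns a fresh token, or null on bad credentials. */
    String login(String username, String password) {
        if (password == null || users[username] != password) {
            return null
        }
        byte[] raw = new byte[32]          // assumption: 256 bits of SecureRandom output
        random.nextBytes(raw)
        String token = raw.encodeHex().toString()
        storage[token] = username          // server keeps token -> principal, no HTTP session
        return token
    }

    /** Token validation for one request, given its headers. */
    Map validate(Map<String, String> headers) {
        String token = headers[TOKEN_HEADER]
        if (token == null) {
            return [outcome: 'SKIPPED']    // header absent: filter does not participate
        }
        String principal = storage[token]
        if (principal == null) {
            return [outcome: 'REJECTED']   // assumption: unknown tokens are refused
        }
        return [outcome: 'AUTHENTICATED', principal: principal]
    }
}

def auth = new TokenAuthSketch()
def token = auth.login('alice', 's3cret-demo')
assert token.size() == 64                              // 32 bytes, hex-encoded
assert auth.login('alice', 'wrong') == null
assert auth.validate([:]).outcome == 'SKIPPED'
assert auth.validate([(TokenAuthSketch.TOKEN_HEADER): token]).principal == 'alice'
assert auth.validate([(TokenAuthSketch.TOKEN_HEADER): 'forged']).outcome == 'REJECTED'
println 'token flow behaves as described on the slides'
```

Because a request without the header is skipped rather than rejected, whatever sits later in the filter chain has to deny anonymous access to protected resources.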
