Original Source

Dave Cherry has written a step-by-step guide for setting JEE style role based authentication (that means realms) as a way to secure your Grails application. This guide is not for the faint of heart, it requires you to roll your sleeves and edit a couple of files residing in your GRAILS_HOME directory, not your project_home directory, meaning the changes will be system wide and not project wide. Despite this minor inconvenient Dave is sure to point to alternatives and other useful JEE security links that will help you along the way.

JEE role based security provides a means of controlling access to resources configured at the application server level. On some larger projects or within corporations this type of access control may be mandated. Due to the fact that the application server controls the security, several applications can share the same realm and therefore share the same credentials, this can be a big plus on large websites, spanning multiple applications.

If you are not familiar with role based authentication look at Using Role based security and tomcat realm how to. Also note that Grails has other options for handling security including the ones listed here grails security plug-ins.

In order to use role based authentication with Grails, several changes are required. Unfortunately one of the cases requires that the actual runtime be changed. However, this change is very straightforward and documented here. Note any references to grailshome, actually refer to the directory where Grails itself is installed and not a Grails project.

Continue reading the full article at The Coder’s Corner.

Tags: Dave Cherry, Grails, Howto, Security