Securing a devel Grails application with a single htpasswd-like password

I am showing the Grails app to some colleagues in the public domain. Until now, I have worked in development mode and have not deployed with the help of a WAR.

I need to protect the application so that it cannot check it / play with it. I already have custom mgmt, but before somebody sees everything I would like to get something .htpasswd-like. If possible, I do not want to expand the application myself with the help of plugins (for example, shiro).

Any thoughts / suggestions?

Thank you so much!

+5
2 answers

HTTP-. HTTP- , . spring -security . , HTTP- 401, . / , .

Grails , "" grails-app/conf. :

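class SimpleAuthFilters {
    // Demo credentials: change them before exposing the application
    static final String USERNAME = "foo"
    static final String PASSWORD = "bar"

    // Grails filters convention: an instance property named "filters"
    def filters = {
        httpAuth(uri:"/**") {
            before = {
                def authHeader = request.getHeader('Authorization')
                // Expect "Basic <base64(username:password)>"; anything else falls through to the 401
                def parts = authHeader?.split(' ')
                if (parts?.size() == 2 && parts[0].equalsIgnoreCase('Basic')) {
                    try {
                        def usernamePassword = new String(parts[1].decodeBase64())
                        if (usernamePassword == "$USERNAME:$PASSWORD") {
                            return true
                        }
                    } catch (RuntimeException ignored) {
                        // Malformed base64: treat as unauthenticated
                    }
                }
                // No or wrong credentials: ask the browser to prompt for them
                response.setHeader('WWW-Authenticate', 'basic realm="myRealm"')
                response.sendError(response.SC_UNAUTHORIZED)
                return false
            }
        }
    }
}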
+5
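
An added example, not part of the answer above and not Grails API: the same Basic header check done against salted PBKDF2 entries in an .htpasswd-like `user:salt:hash` format, so no plaintext password sits in the source. The class name `HtpasswdLikeCheck`, the entry format and the iteration count are assumptions; `PBKDF2WithHmacSHA256` needs Java 8 or later.

```groovy
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

// Hypothetical helper class (illustrative names, not part of Grails)
class HtpasswdLikeCheck {
    static final int ITERATIONS = 100000   // assumed work factor

    // PBKDF2-HMAC-SHA256 of the password under the given salt (256-bit output)
    static byte[] derive(String password, byte[] salt) {
        def spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, 256)
        SecretKeyFactory.getInstance('PBKDF2WithHmacSHA256').generateSecret(spec).encoded
    }

    // Builds one "user:saltBase64:hashBase64" line; base64 never contains ':'
    static String makeEntry(String user, String password) {
        byte[] salt = new byte[16]
        new SecureRandom().nextBytes(salt)
        "${user}:${salt.encodeBase64()}:${derive(password, salt).encodeBase64()}"
    }

    // True only for a well-formed Basic header whose credentials match an entry
    static boolean authorized(String authHeader, List<String> entries) {
        def parts = authHeader?.trim()?.split(/\s+/)
        if (parts?.size() != 2 || !parts[0].equalsIgnoreCase('Basic')) return false
        String decoded
        try {
            decoded = new String(parts[1].decodeBase64(), 'UTF-8')
        } catch (RuntimeException e) {
            return false                       // malformed base64
        }
        int colon = decoded.indexOf(':')       // first colon only: passwords may contain ':'
        if (colon < 1 || colon == decoded.length() - 1) return false   // empty user or password
        String user = decoded.substring(0, colon)
        String password = decoded.substring(colon + 1)
        String entry = entries.find { it.startsWith(user + ':') }
        if (!entry) return false
        def (ignoredUser, salt, hash) = entry.tokenize(':')
        // Constant-time comparison of the derived and stored hashes
        MessageDigest.isEqual(derive(password, salt.decodeBase64()), hash.decodeBase64())
    }
}

// Constructed sample data: one entry for user "foo" with password "bar"
def entries = [HtpasswdLikeCheck.makeEntry('foo', 'bar')]
assert HtpasswdLikeCheck.authorized('Basic ' + 'foo:bar'.bytes.encodeBase64(), entries)
assert !HtpasswdLikeCheck.authorized('Basic ' + 'foo:baz'.bytes.encodeBase64(), entries)
assert !HtpasswdLikeCheck.authorized('Basic', entries)
```

Inside the filter's `before` closure, `authorized(request.getHeader('Authorization'), entries)` would take the place of the plaintext comparison, with `entries` read from a file kept outside the source tree.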

$CATALINA_HOME/conf/tomcat-users.xml Tomcat:

<role rolename="role1"/>
<user username="user1" password="password1" roles="role1"/>

Grails grails install-templates. src/templates/war/web.xml .
( IDE, , .)

web.xml( web-app):

<security-constraint>
  <web-resource-collection>
    <web-resource-name>
      Entire Application
    </web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
      <role-name>role1</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Restricted Area</realm-name>
</login-config>
+4
