Creating RESTful API’s with Grails and Spring Security
Transcript of Creating RESTful API’s with Grails and Spring Security
![Page 1: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/1.jpg)
Creating RESTful API’s with Grails and Spring Security
Álvaro Sánchez-Mariscal
Web Architect – odobo
@alvaro_sanchez
![Page 2: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/2.jpg)
About me
• Passionate software developer.
• Founded Salenda in 2005.
• Co-founded Escuela de Groovy in 2009.
• Groovy/Grails lover since 2007.
• Working now at Odobo as Web Architect.
![Page 3: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/3.jpg)
• HTML5 games platform for:
• Game developers.
• Casinos.
• Check out https://play.odobo.com and try for free!
![Page 4: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/4.jpg)
Different approaches
• Using just @Resource.
• With uri attribute.
• With explicit UrlMappings.
![Page 5: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/5.jpg)
Demo
step1 … step2
![Page 6: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/6.jpg)
Different approaches
• Creating explicitly a controller and extending RestfulController.
• Defining just the constructor.
• Implementing actions based on the URL mappings report.
![Page 7: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/7.jpg)
Demo
step3 … step4
![Page 8: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/8.jpg)
Different approaches
• Scaffolding (but don’t tell your mother).
![Page 9: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/9.jpg)
Customizing response
• Customize default renderers.
• Register custom marshallers.
• Use Hypermedia (and fasten your seat belts!).
• Use Dan Wood’s rest-renderers plugin.
![Page 10: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/10.jpg)
Demo
step5 … step7
![Page 11: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/11.jpg)
Adding Spring Security
Motivation: we need to break down traditional, monolithic Grails applications into 2 different apps:
1. A pure HTML5/JavaScript frontend.
2. A mere RESTful Grails backend.
![Page 12: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/12.jpg)
Adding Spring Security
Issue: The existing Spring Security plugins would not work with a RESTful, browser-based client.
![Page 13: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/13.jpg)
REST is much more than just returning JSON.
![Page 14: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/14.jpg)
RESTful is about*
Client / server.
Stateless.
Cacheable.
Layered.
* Source: Wikipedia.
![Page 15: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/15.jpg)
Meet Spring Security REST
A stateless, token-based authentication for your RESTful API’s
![Page 16: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/16.jpg)
Authentication
![Page 17: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/17.jpg)
Demo
![Page 18: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/18.jpg)
Invoking a protected resource
![Page 19: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/19.jpg)
Demo
![Page 20: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/20.jpg)
Authentication Endpoint
• Uses the default authenticationManager bean, which in turn uses all the registered authentication providers.
• Receives username and password, and generates a customizable JSON response.
![Page 21: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/21.jpg)
Authentication Endpoint
• Credentials can be extracted from:
1. Request parameters.
2. A JSON payload.
3. Any custom implementation.
![Page 22: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/22.jpg)
Token Generation
• 2 strategies out-of-the-box:
1. Using java.security.SecureRandom (default).
2. Using java.util.UUID.
• A custom implementation can be plugged in.
![Page 23: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/23.jpg)
Token Storage
• In Memcached (default).
• Using GORM.
• Write your own.
![Page 24: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/24.jpg)
Token Storage
![Page 25: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/25.jpg)
Token Validation
• If the token header (X-Auth-Token by default) is present, the request will be validated.
• Otherwise, the plugin won’t participate in the filter chain.
![Page 26: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/26.jpg)
Token Validation
• If the passed token exists on the token storage, the principal will be stored on the security context.
• It can be retrieved using springSecurityService.principal.
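The token generation, storage and validation slides fit together as in the following added example, which is not code from the talk or from the plugin. All class and method names are hypothetical, an in-memory map stands in for the token storage, and rejecting an unknown token is an assumption the slides do not spell out.

```groovy
import java.security.SecureRandom
import java.util.concurrent.ConcurrentHashMap

// All names here are hypothetical; this models the slides, not the plugin's classes.
enum Outcome { NOT_PARTICIPATING, AUTHENTICATED, REJECTED }

class TokenDemo {
    static final String TOKEN_HEADER = 'X-Auth-Token' // default header named on the slides
    private static final SecureRandom RNG = new SecureRandom()
    // In-memory stand-in for the token storage (Memcached, GORM or custom).
    private final Map<String, String> storage = new ConcurrentHashMap<>()

    // Strategy 1: 32 bytes (256 bits) from SecureRandom, hex-encoded (size is an assumption).
    static String secureRandomToken() {
        byte[] raw = new byte[32]
        RNG.nextBytes(raw)
        return raw.encodeHex().toString()
    }

    // Strategy 2: a random (version 4) UUID, which carries 122 random bits.
    static String uuidToken() { return UUID.randomUUID().toString() }

    // Authentication endpoint reduced to its effect: issue a token, remember the principal.
    String login(String username, Closure<String> generator) {
        String token = generator.call()
        storage.put(token, username)
        return token
    }

    // Token validation: no header means this filter does nothing at all.
    Map validate(Map<String, String> headers) {
        String token = headers.get(TOKEN_HEADER)
        if (token == null) { return [outcome: Outcome.NOT_PARTICIPATING] }
        String principal = storage.get(token)
        if (principal == null) { return [outcome: Outcome.REJECTED] } // assumed behaviour
        return [outcome: Outcome.AUTHENTICATED, principal: principal]
    }
}

def demo = new TokenDemo()
String token = demo.login('alice', TokenDemo.&secureRandomToken)
assert token.length() == 64
assert TokenDemo.uuidToken().length() == 36
assert demo.validate([(TokenDemo.TOKEN_HEADER): token]).principal == 'alice'
assert demo.validate([(TokenDemo.TOKEN_HEADER): 'forged']).outcome == Outcome.REJECTED
// Without the header the request reaches the rest of the chain unauthenticated,
// so the URL itself must still be covered by an access rule.
assert demo.validate([:]).outcome == Outcome.NOT_PARTICIPATING
```

The last assertion is the case to review in a real deployment: a request that omits the token header is not rejected by token validation, so protection of the endpoint depends on the access rules configured for its URL.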
![Page 27: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/27.jpg)
CORS support
• Grails doesn’t support CORS (vote for GRAILS-10914).
• This plugin comes prepackaged with the cors plugin.
![Page 28: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/28.jpg)
Demo
![Page 29: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/29.jpg)
OAuth support
![Page 30: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/30.jpg)
OAuth support
![Page 31: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/31.jpg)
Demo
![Page 32: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/32.jpg)
DevQA: make your testers happier with Groovy, Spock and Geb
Tomorrow, 17:15
![Page 33: Creating RESTful API’s with Grails and Spring Security](https://reader031.fdocuments.in/reader031/viewer/2022013114/53fdce838d7f72a81c8b4b31/html5/thumbnails/33.jpg)
Thanks!
Álvaro Sánchez-Mariscal
Web Architect – odobo
@alvaro_sanchez alvarosanchez