Grails 7

Author: bkoehm

.github/workflows/gradle.yml

@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: gradle/wrapper-validation-action@v2
       - uses: actions/setup-java@v4
-        with: { java-version: 11, distribution: temurin }
+        with: { java-version: 17, distribution: temurin }
       - name: Run Tests
         uses: gradle/actions/setup-gradle@v3
         env:
@@ -36,11 +36,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        test-config: [ 'static', 'annotation', 'requestmap', 'basic', 'misc', 'putWithParams', 'bcrypt', 'issue503' ]
+        test-config: [ 'static', 'annotation', 'requestmap', 'basic', 'basicCacheUsers', 'misc', 'putWithParams', 'bcrypt', 'issue503' ]
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-java@v4
-        with: { java-version: 11, distribution: temurin }
+        with: { java-version: 17, distribution: temurin }
       - name: Run Tests
         uses: gradle/actions/setup-gradle@v3
         env:
@@ -58,7 +58,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: gradle/wrapper-validation-action@v2
       - uses: actions/setup-java@v4
-        with: { java-version: 11, distribution: temurin }
+        with: { java-version: 17, distribution: temurin }
       - name: Run Build
         id: build
         uses: gradle/actions/setup-gradle@v3

README.md

@@ -7,6 +7,7 @@ See [documentation](https://grails-plugins.github.io/grails-spring-security-core
 
 ### Branch structure 
 
+- `7.0.x` compatible with Grails 7
 - `6.0.x` compatible with Grails 6
 - `5.0.x` compatible with Grails 5
 - `4.0.x` compatible with Grails 4

build.gradle

@@ -28,6 +28,7 @@ if (isReleaseVersion) {
 subprojects {
     version = rootProject.version
     repositories {
+        mavenLocal()
         mavenCentral()
         maven { url = 'https://repo.grails.org/grails/core' }
         if (libs.versions.groovy.get().endsWith('-SNAPSHOT')) {

buildSrc/build.gradle

@@ -1,4 +1,5 @@
 repositories {
+    mavenLocal()
     mavenCentral()
     maven { url = 'https://repo.grails.org/grails/core' }
 }
@@ -9,7 +10,7 @@ dependencies {
     implementation buildsrcLibs.grails.gradle.plugin, {
         // Grails Gradle plugin leaks groovy-xml onto compile classpath
         // which is causes a version conflict for Gradle
-        exclude group: 'org.codehaus.groovy', module: 'groovy-xml'
+        exclude group: 'org.apache.groovy', module: 'groovy-xml'
     }
     implementation buildsrcLibs.webdriver.binaries.gradle.plugin
 
@@ -19,3 +20,5 @@ dependencies {
 tasks.withType(Test).configureEach {
     useJUnitPlatform()
 }
+
+apply from: rootProject.layout.projectDirectory.file('../gradle/buildsrc-groovy-config.gradle')

examples/functional-test-app/build.gradle

@@ -36,8 +36,8 @@ dependencies {
     runtimeOnly libs.tomcat.jdbc
 
     compileOnly libs.micronaut.inject.groovy
-    compileOnly libs.javax.annotation.api
-    compileOnly libs.javax.servlet.api
+    compileOnly libs.jakarta.annotation.api
+    compileOnly libs.jakarta.servlet.api
     compileOnly libs.slf4j.nop // Prevent warnings about missing SLF4j implementation during GSP compilation
 }
 

examples/functional-test-app/grails-app/conf/application.groovy

@@ -49,6 +49,18 @@ switch (testconfig) {
 		]
 		break
 
+	case 'basicCacheUsers':
+		grails.plugin.springsecurity.securityConfigType = 'Annotation'
+		grails.plugin.springsecurity.useBasicAuth = true
+		grails.plugin.springsecurity.basic.realmName = 'Grails Spring Security Basic Test Realm'
+		grails.plugin.springsecurity.filterChain.chainMap = [
+			[pattern: '/secureclassannotated/**', filters: 'JOINED_FILTERS,-exceptionTranslationFilter'],
+			[pattern: '/**',                      filters: 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter']
+		]
+		grails.plugin.springsecurity.cacheUsers = true
+		grails.plugin.springsecurity.providerManager.eraseCredentialsAfterAuthentication = false
+		break
+
 	case 'bcrypt':
 		grails.plugin.springsecurity.securityConfigType = 'Annotation'
 		grails.plugin.springsecurity.password.algorithm = 'bcrypt'

examples/functional-test-app/grails-app/views/error.gsp

@@ -6,8 +6,8 @@
 		<g:if test="${Throwable.isInstance(exception)}">
 			<g:renderException exception="${exception}" />
 		</g:if>
-		<g:elseif test="${request.getAttribute('javax.servlet.error.exception')}">
-			<g:renderException exception="${request.getAttribute('javax.servlet.error.exception')}" />
+		<g:elseif test="${request.getAttribute('jakarta.servlet.error.exception')}">
+			<g:renderException exception="${request.getAttribute('jakarta.servlet.error.exception')}" />
 		</g:elseif>
 		<g:else>
 			<ul class="errors">

examples/functional-test-app/src/integration-test/groovy/specs/BasicAuthCacheUsersSecuritySpec.groovy

@@ -0,0 +1,151 @@
+package specs
+
+import org.springframework.security.core.userdetails.UserCache
+import pages.LoginPage
+import pages.role.CreateRolePage
+import pages.role.ListRolePage
+import pages.role.ShowRolePage
+import pages.user.CreateUserPage
+import pages.user.ListUserPage
+import pages.user.ShowUserPage
+import spock.lang.IgnoreIf
+
+@IgnoreIf({ System.getProperty('TESTCONFIG') != 'basicCacheUsers' })
+class BasicAuthCacheUsersSecuritySpec extends AbstractSecuritySpec {
+
+	private HttpURLConnection connection
+	UserCache userCache
+
+	void 'create roles'() {
+		when:
+		to ListRolePage
+
+		then:
+		roleRows.size() == 0
+
+		when:
+		newRoleButton.click()
+
+		then:
+		at CreateRolePage
+
+		when:
+		authority = 'ROLE_ADMIN'
+		createButton.click()
+
+		then:
+		at ShowRolePage
+
+		when:
+		to ListRolePage
+
+		then:
+		roleRows.size() == 1
+
+		when:
+		newRoleButton.click()
+
+		then:
+		at CreateRolePage
+
+		when:
+		authority = 'ROLE_ADMIN2'
+		createButton.click()
+
+		then:
+		at ShowRolePage
+
+		when:
+		to ListRolePage
+
+		then:
+		roleRows.size() == 2
+	}
+
+	void 'create users'() {
+		when:
+		to ListUserPage
+
+		then:
+		userRows.size() == 0
+
+		when:
+		newUserButton.click()
+
+		then:
+		at CreateUserPage
+
+		when:
+		username = 'admin1'
+		password = 'password1'
+		$('#enabled').click()
+		$('#ROLE_ADMIN').click()
+		createButton.click()
+
+		then:
+		at ShowUserPage
+
+		when:
+		to ListUserPage
+
+		then:
+		userRows.size() == 1
+
+		when:
+		newUserButton.click()
+
+		then:
+		at CreateUserPage
+
+		when:
+		username = 'admin2'
+		password = 'password2'
+		$('#enabled').click()
+		$('#ROLE_ADMIN').click()
+		$('#ROLE_ADMIN2').click()
+		createButton.click()
+
+		then:
+		at ShowUserPage
+
+		when:
+		to ListUserPage
+
+		then:
+		userRows.size() == 2
+	}
+
+	@IgnoreIf({ !System.getProperty('geb.env') })
+	void 'check userDetails caching'() {
+
+		when:
+		go 'secureAnnotated'
+
+		then:
+		at LoginPage
+
+		when:
+		login 'admin1', 'password1'
+
+		then:
+		assertContentContains 'you have ROLE_ADMIN'
+
+		and:
+		userCache.getUserFromCache('admin1')
+
+		cleanup:
+		logout()
+	}
+
+	protected void logout() {
+		super.logout()
+		// cheesy, but the 'Authentication' header from basic auth
+		// isn't cleared, so this forces an invalid header
+		getWithAuth '', 'not_a_valid_username', ''
+	}
+
+	private void getWithAuth(String path, String username, String password) {
+		String uri = new URI(baseUrlRequired).resolve(new URI(path))
+		go uri.replace('http://', 'http://' + username + ':' + password + '@')
+	}
+}

examples/functional-test-app/src/integration-test/groovy/specs/RoleSpec.groovy

@@ -9,6 +9,7 @@ import spock.lang.IgnoreIf
 @IgnoreIf({ !(
 		System.getProperty('TESTCONFIG') == 'annotation' ||
         System.getProperty('TESTCONFIG') == 'basic' ||
+        System.getProperty('TESTCONFIG') == 'basicCacheUsers' ||
         System.getProperty('TESTCONFIG') == 'requestmap' ||
         System.getProperty('TESTCONFIG') == 'static')
 })

examples/functional-test-app/src/integration-test/groovy/specs/UserSpec.groovy

@@ -9,6 +9,7 @@ import spock.lang.IgnoreIf
 @IgnoreIf({ !(
 		System.getProperty('TESTCONFIG') == 'annotation' ||
 				System.getProperty('TESTCONFIG') == 'basic' ||
+				System.getProperty('TESTCONFIG') == 'basicCacheUsers' ||
 				System.getProperty('TESTCONFIG') == 'requestmap' ||
 				System.getProperty('TESTCONFIG') == 'static')
 })

examples/functional-test-app/src/main/groovy/com/testapp/MaintenanceModeFilter.groovy

@@ -3,12 +3,12 @@ package com.testapp
 import groovy.util.logging.Slf4j
 import org.springframework.web.filter.GenericFilterBean
 
-import javax.servlet.FilterChain
-import javax.servlet.ServletException
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
+import jakarta.servlet.FilterChain
+import jakarta.servlet.ServletException
+import jakarta.servlet.ServletRequest
+import jakarta.servlet.ServletResponse
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 
 /**
  * If registered, this filter results in an HttpStatus of 500 being returned to the client

examples/functional-test-app/src/main/groovy/com/testapp/TestUserPasswordEncoderListener.groovy

@@ -7,7 +7,7 @@ import org.grails.datastore.mapping.engine.event.PreUpdateEvent
 import org.springframework.beans.factory.annotation.Autowired
 import grails.events.annotation.gorm.Listener
 import groovy.transform.CompileStatic
-import javax.annotation.PostConstruct
+import jakarta.annotation.PostConstruct
 
 @CompileStatic
 class TestUserPasswordEncoderListener {

examples/integration-test-app/build.gradle

@@ -33,7 +33,7 @@ dependencies {
     runtimeOnly libs.tomcat.jdbc
 
     compileOnly libs.micronaut.inject.groovy
-    compileOnly libs.javax.servlet.api
+    compileOnly libs.jakarta.servlet.api
     compileOnly libs.slf4j.nop
 
     testImplementation libs.spock.core

examples/integration-test-app/src/integration-test/groovy/grails/plugin/springsecurity/SecurityTagLibSpec.groovy

@@ -34,8 +34,8 @@ import org.springframework.web.context.request.RequestContextHolder
 import spock.lang.Ignore
 import spock.lang.Shared
 
-import javax.servlet.FilterChain
-import javax.servlet.ServletContext
+import jakarta.servlet.FilterChain
+import jakarta.servlet.ServletContext
 import java.security.Principal
 
 /**

examples/integration-test-app/src/integration-test/groovy/grails/plugin/springsecurity/SpringSecurityUtilsIntegrationSpec.groovy

@@ -36,9 +36,9 @@ import test.TestRole
 import test.TestUser
 import test.TestUserRole
 
-import javax.servlet.FilterChain
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
+import jakarta.servlet.FilterChain
+import jakarta.servlet.ServletRequest
+import jakarta.servlet.ServletResponse
 
 /**
  * Integration tests for <code>SpringSecurityUtils</code>.

examples/integration-test-app/src/main/groovy/com/test/AdditionalLogoutHandler.groovy

@@ -1,7 +1,7 @@
 package com.test
 
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
 
 import org.springframework.security.core.Authentication
 import org.springframework.security.web.authentication.logout.LogoutHandler

gradle/buildsrc-groovy-config.gradle

@@ -0,0 +1,9 @@
+configurations.configureEach {
+    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
+        if ((details.requested.group == 'org.codehaus.groovy' || details.requested.group == 'org.apache.groovy') && details.requested.name != 'groovy-bom') {
+            String groovyVersion = findProperty('groovyVersion') ?: buildsrcLibs.versions.groovy.get()
+            details.useTarget(group: 'org.apache.groovy', name: details.requested.name, version: groovyVersion)
+            details.because "The dependency coordinates are changed in Apache Groovy 4, plus ensure version"
+        }
+    }
+}

gradle/buildsrc.libs.versions.toml

@@ -1,9 +1,10 @@
 [versions]
-asciidoctorj = '4.0.2'
-asset-pipeline-gradle = '4.4.0'
-grails-gradle-plugin = '6.1.2'
+asciidoctorj = '4.0.3'
+asset-pipeline-gradle = '5.0.0'
+grails-gradle-plugin = '7.0.0-SNAPSHOT'
 webdriver-binaries = '3.2'
-spock = '2.3-groovy-3.0'
+spock = '2.4-M4-groovy-3.0'
+groovy = '4.0.22'
 
 [libraries]
 asciidoctorj = { module = 'org.asciidoctor:asciidoctor-gradle-jvm', version.ref = 'asciidoctorj' }

gradle/groovy-config.gradle

@@ -1,8 +1,9 @@
 configurations.configureEach {
     resolutionStrategy.eachDependency { DependencyResolveDetails details ->
-        if (details.requested.group == 'org.codehaus.groovy') {
+        if ((details.requested.group == 'org.codehaus.groovy' || details.requested.group == 'org.apache.groovy') && details.requested.name != 'groovy-bom') {
             String groovyVersion = findProperty('groovyVersion') ?: libs.versions.groovy.get()
-            details.useVersion(groovyVersion)
+            details.useTarget(group: 'org.apache.groovy', name: details.requested.name, version: groovyVersion)
+            details.because "The dependency coordinates are changed in Apache Groovy 4, plus ensure version"
         }
     }
 }

gradle/java-config.gradle

@@ -1,5 +1,5 @@
 java {
-    sourceCompatibility = JavaVersion.VERSION_11
+    sourceCompatibility = JavaVersion.VERSION_17
     withJavadocJar()
     withSourcesJar()
 }