Tweak ZK to make event processing call groovy’s invokeMethod
My current project needs a very dynamic and fast pages without refreshs, or using the buzz word ajax, to accomplish this requirement I'm using ZK Direct RIA. As ZK heavily uses ajax requests with unpredictable url I need another way to protect the controller's actions (composer's method) instead of url. Using @Secured and groovy's invokeMethod I was able to protect each method of any class (please read the post to get a better picture of what I'll discuss) which works fines if the method call is from a groovy code, ZK is fully implemented in java though.
When a user clicks on a button, or does anything that generates events, zk process it and call the corresponding method in the composer class. ZK events processing executes this code when it find the method to call:
mtd.invoke(controller, new Object[] {evt});This uses Java Reflection API and completely bypass groovy's invokeMethod, what we need to do is use groovy's InvokerHelper class instead of direct calling the method using reflection.
InvokerHelper.invokeMethod(controller, mtd.getName(), new Object[] {params});Now that we know how to do it for any kind of java code let's dig into the problem with ZK event and find out where we should use InvokerHelper.
Enable @Secured annotation with Grails Spring Security plugin
How could I protect each method of my classes? Using Spring Security it should be easy, right? After a quick search I realize that the best way is to use @Secured annotation, good! Another issue fixed. But as life isn't fun without problems to solve it didn't work as expected.
The problem started because grails acegi plugin, in version 0.5.2, doesn't support this annotation.Talking about this in grail user mailing list Benjamin Doerr gave me a nice idea: use groovy's invokeMethod to add the support that I needed.
The idea is to use groovy meta magic to add behavior to the classes that have at least one method annotated, we well override the metaClass.invokeMethod of the class we want to enable the annotation. To keep things organized I create a new boot strap file in grail-app/conf/SecurityBootStrap.groovy and all the related code is place in this file.
First off all let's create a closure that can be used to override invokeMethod of any class:
Customizing SpringSecurity to protect each button of a page using Grails Acegi plugin
I'm very happy with grails acegi plugin, aka Spring Security Plugin, but on my newest project I needed a finner grained way to do control access than using simple urls filters and roles.
I wanted a way to control which button, link, action of the current page the user can access. If the user has only read access to a page than the page is shown but edit action isn't, because of this requirement using only roles to grant access isn't enough and could easily became a mess if I create one role per action. Use urls filters won't work because most urls are generated by ZK framework and hence are non predictable.
The solution is fully based on SpringSecurity capabilities and should work on every project that uses it independent of plugins or frameworks that I use. Since spring security plugin does the hard work for us, we just need to create two more classes besides acegi's default user and role and extends UserDetailsService interface. This is based on zk_sample project and is a database implementation of this article by Oleg Zhurakousky.
Solving Grails/GORM data truncation error on blob column using Java
Today GORM was in a bad mood and refuses to insert a text in a blob (clob) column. If a set a non null value in the attribute which was mapped to a blob field I end up with this strange error:
Caused by: java.sql.DataTruncation: Data truncation
Data truncation for a blob column makes no sense since blobs are made to handle large amount of data, as far as I know the limit is your storage space.
What I needed was an improved version of the Setting class that cames with settings plugin, I wanted to store large texts in some settings, larger the 100 characters which is the current limit, so I create a new attribute to store large texts, this new attribute is a blob in the dabase.