Get the CAS authentication response in grails

Question

Grails 2.2.2, plugins spring-security core and CAS plugins.

Lets say I've set up spring-security-core using the quickstart script, so I've got User, Role and UserRole tables. CAS is set up and working fine for users who are represented in these tables.

When the user in question visits, they do the redirect tango with CAS, which says they are okay and returns a username when the CAS plugin does the ticket validation. But, because the username is not represented in my User table, the auth fails according to spring-security, so I can't get the authorizedUser or Principal, etc.

But, I want to accept the CAS authentication even if the user in question is NOT in my User table, and thus has no roles. I trust this CAS server.

How do I get access to the response from the CAS ticket validation step? If I could do that, I could create a user using the name provided by CAS and assign some reasonable default roles.

Answer 1

Create your own UserDetailsService that implements org.codehaus.groovy.grails.plugins.springsecurity.GrailsUserDetailsService. It should create a new UserDetails based on the username passed in to loadUserByUsername rather than check the User table. Set it up as a spring bean with the name userDetailsService and it should override the default GORM implementation.