Grails preauthenticated spring security resources definition

BootStrap.groovy

import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
import org.codehaus.groovy.grails.plugins.springsecurity.SecurityFilterPosition

class BootStrap {

    def init = { servletContext ->
        // Add the bean 'j2eePreAuthenticatedProcessingFilter' into the filter chain
        SpringSecurityUtils.clientRegisterFilter('j2eePreAuthenticatedProcessingFilter', SecurityFilterPosition.PRE_AUTH_FILTER)

    }

    def destroy = {}
}

externalized-config.groovy

//set the providerNames to include 'preAuthenticatedAuthenticationProvider'
grails.plugins.springsecurity.providerNames = ['preAuthenticatedAuthenticationProvider', 'anonymousAuthenticationProvider']

resources.groovy

import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
import org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
import org.springframework.security.core.authority.GrantedAuthorityImpl
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint

// Place your Spring DSL code here
beans = {

    /*
     * Pre-authenticated bean setup defined below
     */

    /**
     * this service uses the security token to provide the granted authorities for the user
     */
    preAuthenticatedGrantedAuthoritiesUserDetailsService(PreAuthenticatedGrantedAuthoritiesUserDetailsService)

    /**
     * this provider uses pre-authenticated mechanism for authentication
     */
    preAuthenticatedAuthenticationProvider(PreAuthenticatedAuthenticationProvider) {
        preAuthenticatedUserDetailsService = ref('preAuthenticatedGrantedAuthoritiesUserDetailsService')
    }

    /**
     * This bean allows you to map container-level 'role' names to 
     * the GrantedAuthorities used by spring. note that although the setter method
     * for the attributes2grantedAuthoritiesMap supposedly can accept a String: String
     * map, the groovy Spring BeanBuilder fails to work correctly, so we must explicitly
     * define lists of GrantedAuthorityImpls
     */
    mappableRoles(MapBasedAttributes2GrantedAuthoritiesMapper){
        attributes2grantedAuthoritiesMap=[
                admin: [new GrantedAuthorityImpl('ROLE_ADMIN')],
                user: [new GrantedAuthorityImpl('ROLE_USER')],
                architect: [new GrantedAuthorityImpl('ROLE_ARCHITECT')]
        ]
    }

    /**
     * this AuthenticationDetailsSource sets the GrantedAuthorities defined
     * by the mapping into the Authentication token for use later by the UserDetailsService
     */
    j2eeAuthDetailsSource(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource){
        mappableRolesRetriever=ref('mappableRoles')
        userRoles2GrantedAuthoritiesMapper=ref('mappableRoles')

    }

    /**
     * This filter starts the auth processing from the request, and retrieves the
     * username from the servlet request's userPrincipal, and sets the Authentication
     * token details via the DetailsSource.
     */
    j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter) {
        authenticationManager = ref('authenticationManager')
        authenticationDetailsSource = ref('j2eeAuthDetailsSource')
    }

    /**
     * We don't want the normal spring security authentication to run, so we set the entry point
     * to always respond with HTTP 403 response
     */
    authenticationEntryPoint(Http403ForbiddenEntryPoint)

}

web.xml

<web-app xmlns="http://java.sun.com/xml/ns/javaee" metadata-complete="true" version="2.5" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<!-- snipped most content -->

<!-- 

You will need to define a grails gsp login form that submits a POST to the url 'j_security_check', using parameters
'j_username' and 'j_password' for authentication.

in this example it is located at /login/preauth

-->


 <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Container Authentication</realm-name>
        <form-login-config>
            <form-login-page>/login/preauth</form-login-page>
            <form-error-page>/login/preauthError</form-error-page>
        </form-login-config>
    </login-config>

    <security-constraint>
            <web-resource-collection>
                <web-resource-name>web</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>*</role-name>
           </auth-constraint>
           <!-- uncomment if you require HTTPS
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
        -->
           
    </security-constraint>
    <security-role>
            <role-name>base-user-role</role-name>
    </security-role>


<!-- snipped most content -->

</web-app>