Login di GRAILS menggunakan AcegiSecurity

Membuat keamanan di grails sepanjang pengetahuan gw ada 3 yaitu,
1. custom security, keamanan aplikasi yang kita buat sendiri - RIBET
2. menggunakan plugin JSecurity - SEDANG
3. menggunakan plugin AcegiSecurity dari Spring - FUN
Kali ini gw akan ceritakan pengalaman menggunakan Acegi.
Dimulai dari membuat aplikasi bookstore, begini ceritanya.

1. > grails create-app bookstore
> cd bookstore
2. > grails install-plugin acegi
3. > grails create-auth-domains User Role Requestmap
4. > grails generate-manager
5. > grails generate-registration
Buat contoh halaman yang akan diakses
6. > grails create-controller Secure
Buka file SecureController.groovy (di folder grails-app/controller)
edit file nya seperti berikut:

class SecureController {

def index = {
render 'Secure access only'
}
}

7. > grails run-app

Untuk test, ketik alamat berikut: http://localhost:8080/bookstore/secure
maka akan terlihat bahwa halaman tersebut belum diamankan.


Untuk mengamankan halaman tersebut, coba bikin role dulu di: http://localhost:8080/bookstore/role/create
dan buat role untuk admin.


lalu informasikan halaman yang akan di akses oleh role tersebut di: http://localhost:8080/bookstore/requestmap/create


terakhir kita buat user dengan role admin yang akan mengakses halaman tersebut:
http://localhost:8080/bookstore/user/create


coba akses kembali halaman secure tadi http://localhost:8080/bookstore/secure
maka kita harus login dulu sebelum bisa mengakses halaman tersebut.


:)

Web Framework Sederhana - CherryPy

Pernah lihat web framework sesederhana ini ngga (plus webserver dan builtin tools sekalian ada didalam cherrypy)?
----------------------------------------
import cherrypy

class HelloWorld:
     @cherrypy.expose
      def index(self):
             return "Hello World!"

cherrypy.quickstart(HelloWorld())
----------------------------------------
- Jalankan program dengan perintah: python HelloWorld.py (jika disimpan dengan nama tsb.)
- Buka browser dan ketik alamat: http://localhost:8080
- Selengkapnya, silakan kunjungi websitenya: cherrypy.org

Freedom Experience

Before I know Linux, I used to code in M$W%*%!? with &*76V&@B or D#4)el*7p%%h(i). At that time I didn't knew that they were not free and it's illegal to use without buying it.

IMHO, programmers are half artist and half magician. Coding with those IDE with components that I couldn't see why it behave like that made me frustrated. I'm not free...my mind is stuck, I don't know what to do anymore. The SQL statement seems weird in the IDE. I run through sleepless nights, But still I failed to figure it out.

Well that is past, I forgive them all. I think it's 2001, when I was introduced to Linux by a friend named Indrio. It was hard to install Linux at that time. But now it is easy and have lots of variation.

Lucky for us, we got a job using PHP, based on Linux OS. Creating almost an ERP application with our own mind.

It was awesome. I'm free. I expressed everything I had in mind. I'm not a pirate anymore, and I don't busy to erase viruses and update the eraser which is pirated either.

Thanks to GNU/Linux. Thanks to the FSF. And thanks to GOD, the Lord of Science.

Generator Continued...

My boss at the office told me, why should I bothered creating my own generator.
Well I think the answer is:
1. There's no learning curve (with all the unknown failure because of our own mistake or system bugs)
2. I can customize it at will
3. It is made in Indonesia (rare thing in this country)
4. It helps me to satisfy my customer
5. And make my children happy


The generator is now completed but I wont share it because it's just the same as previous codes. I only add a little spices here and there.

6. I can implemented the generator to any language or frameworks which I would use.

Code Generator Apps

I've developed systems all these years (since 1999) using various programming languages (VB, Delphi, PHP, Java Swing, J2EE, python, ruby). It is exciting to discover new system or new programming techniques or even new frameworks. But when it comes to the real job, you have to decide which technology is suite for you. Since human (mostly) is not a patient being, so I need a fast programing technique to quickly produce the requested system application.

Back in 2005 I created generator for Java Swing using J2SE. The result is fast. I can develop a desktop based application in 5 minutes or less. But writing the generator is painful, it was a long codes.

Today I created a generator using ruby language for php web based application. Even though it's not complete yet...but I'm satisfied because writing the generator codes is shorter, faster and the result is much faster. I'm newbie in Ruby, but I think I'm loving it.

Here is the code snippet:
********************************************
require 'mysql'

#puts "Enter host: "
#host = gets.chomp!
#puts "Enter username: "
#user = gets.chomp!
#puts "Enter password: "
#pass = gets.chomp!
#puts "Enter database: "
#db = gets.chomp!
puts "Generating files..."

conn = Mysql::new("localhost", "ruby", "", "clinic")

begin
res = conn.query("SHOW TABLES");
res.each do |row|

view = File.new("generated/"+row[0]+"_view.php", "w")
form = File.new("generated/"+row[0]+"_form.php", "w")
action = File.new("generated/"+row[0]+"_action.php", "w")

#Creating View++++++++++++++++++++++++++++++++++++
view.write("<? include('header.php'); ?>\n\n")
view.write("
<table width=\"100%\" class=\"frm\">
<tr><td class=\"pagetitle\">"+row[0]+"</td></tr>
</table><br>
<p align=\"left\"><a href=\""+row[0]+"_form.php?comm=create\">Data Baru</a></p>
<table class=\"frm\" align=\"left\">
<tr><th>No.</th>")
res2 = conn.query("DESC "+row[0])
res2.each do |row2|
if row2[0]!="id":
view.write("<th>"+row2[0]+"</th>")
end
end
view.write("<th> </th></tr>
<?
include(\"connection.php\");
$sql = \"SELECT * FROM "+row[0]+"\";
$query = mysql_query($sql);
$row = mysql_fetch_row($query);
$count = 1;
do{
list(")
res2 = conn.query("DESC "+row[0])
res2.each do |row2|
view.write("$"+row2[0]+",")
end
view.write(")=$row;
echo \"
<tr><td>$count</td>")
res2 = conn.query("DESC "+row[0])
res2.each do |row2|
if row2[0]!="id":
view.write("
<td>$"+row2[0]+"</td>")
end
end
view.write("
<td><a href='"+row[0]+"_form.php?comm=update&id=$id'>Edit</a> |
<a href='"+row[0]+"_action.php?id=$id' title='Anda yakin ?'>Hapus</a></td>
</tr>\";
$count++;
}while($row = mysql_fetch_row($query));
?>
</table>
\n")

view.write("\n<? include('footer.php'); ?>\n")

#Creating Form+++++++++++++++++++++++++++++++++++++++++++
form.write("<?\n include('header.php');\n include(\"connection.php\");\n?>\n")
form.write("
<p> </p>
<?
if(isset($_GET['comm'])){
$comm = $_GET['comm'];
echo \"<form method='post' action='"+row[0]+"_action.php'><table class='frm'>
<tr><th colspan='2'>"+row[0]+"</th></tr>\";
if($comm==\"create\"){
echo \"")
res3 = conn.query("DESC "+row[0])
res3.each do |row3|
if row3[0]!='id':
form.write("
<tr>
<td>"+row3[0]+"</td>
<td><input type='text' name='txt"+row3[0]+"'></td>
</tr>\n")
end
end
form.write("
<tr><td colspan='2' align='right'>
<input type='submit' name='submit' value='Simpan'>
<input type='submit' name='submit' value='Batal'>
</td></tr>\";
}elseif($comm==\"update\"){
$id = $_GET['id'];
$sql = \"SELECT * FROM "+row[0]+" WHERE id='$id'\";
$q = mysql_query($sql);
$r = mysql_fetch_row($q);
list(")
res2 = conn.query("DESC "+row[0])
res2.each do |row2|
form.write("$"+row2[0]+",")
end
form.write(")=$r;
echo \"")
res2 = conn.query("DESC "+row[0])
res2.each do |row2|
if row2[0]!='id':
form.write("
<tr>
<td>"+row2[0]+"</td>
<td><input type='text' name='txt"+row2[0]+"' value='$"+row2[0]+"'></td>
</tr>\n")
end
end
form.write("
<tr><td colspan='2' align='right'>
<input type='submit' name='submit' value='Edit'>
<input type='submit' name='submit' value='Batal'>
<input type='hidden' name='id' value='$id'>
</td></tr>\";
}
echo \"</table></form>\";
}
?>\n")
form.write("<? include('footer.php'); ?>\n")

#Creating Action+++++++++++++++++++++++++++++++++++++++++++
action.write("<?
include(\"connection.php\");
if(isset($_POST['submit'])){
$command = $_POST['submit'];\n")

res2 = conn.query("DESC "+row[0])
res2.each do |row2|
action.write(" $"+row2[0]+" = $_POST['txt"+row2[0]+"'];")
action.write("\n")
end

action.write("
if($command==\"Simpan\"){
$sql = \"INSERT INTO "+row[0]+" VALUES('', ")

res2 = conn.query("DESC "+row[0])
rescount = conn.affected_rows()
count = 1
puts row[0].to_s+": "+rescount.to_s
res2.each do |row2|
if row2[0]!="id":
if count == rescount:
action.write("'$"+row2[0]+"'")
else
action.write("'$"+row2[0]+"', ")
end
end
count = count + 1
end

action.write(")\";
if(mysql_query($sql)){
header(\"Location:"+row[0]+"_view.php\");
}else{
echo $sql;
}
}elseif($command==\"Edit\"){
$id = $_POST['id'];
$sql = \"UPDATE "+row[0]+" SET ")

res2 = conn.query("DESC "+row[0])
rescount = conn.affected_rows()
count = 1
res2.each do |row2|
if row2[0]!="id":
if count == rescount:
action.write(row2[0]+"='$"+row2[0]+"'")
else
action.write(row2[0]+"='$"+row2[0]+"', ")
end
end
count = count + 1
end

action.write(" WHERE id='$id'\";
if(mysql_query($sql)){
header(\"Location:"+row[0]+"_view.php\");
}else{
echo $sql;
}
}elseif($command==\"Batal\"){
header(\"Location:"+row[0]+"_view.php\");
}
}else{
$id = $_GET['id'];
if(mysql_query(\"DELETE FROM "+row[0]+" WHERE id=$id\")){
header(\"Location:"+row[0]+"_view.php\");
}else{
echo \"<p>Warning: cannot delete data! Please contact your administrator</p>\";
}
}
?>")
end
rescue SystemCallError
puts "File Exist"
end

puts "done."

********************************************
Maybe there is someone out there wants to correct it, make it more flexible, pluggable, or whatever, please notice me by e-mail.

My First Programming Work

I'm a jumping bug alias 'Kutu Loncat' (hehehe). Aku memulai karirku sebagai programmer tahun 1999, waktu itu sekitar tengah malam aku di telpon temenku Indra. "Zam, kamu udah kerja belum?" tanya Indra. Waktu itu dia udah tau aku lagi cari kerja dengan modal ngerti VB pas-pasan (tapi pede abis!).

Esok paginya aku datang ke komplek gedung Bimantara (sekarang menara kebon sirih). Di sana ada dua gedung dan satu masjid gede yang bikin aku relax berada di sana. Aku masuk ke gedung yang paling tinggi lalu aku tanya ke resepsionisnya, "Mba'...kalau GN-OTA lantai berapa ya?". "Oo, kalau GN-OTA di gedung sebelah pak". Wakwaww....ternyata di gedung yang lebih kecil (hihihi).

GN-OTA kepanjangan dari Gerakan Nasional Orang Tua Asuh. I thougt Indra was calling me in the middle of the night from his home...but I was mistaken. He was calling me from this office! yup, kerjanya 24 Jam jagain 5 server. Programmernya juga sama aja, 24 jam! tidurnya pas abis subuh paling lama 4 jam-an.

Waktu itu yang lagi di pake bahasa pemrograman Delphi5 padahal aku bisanya cuma VB. Tapi perusahaan gasih aku waktu untuk belajar. So be it. Aku belajar delphi sambil ngerjain proyek bikin laporan penyumbangan orang tua asuh dari seluruh Indonesia. Dalam waktu dua bulan aku udah kelar belajar dan menyelesaikan proyek. Selesai? ternyata belum...orang keuangannya marah2in aku (@*&^gimana sih!**$). Ternyata aku salah ngambil data di server 3, padahal server 3 cuma buat development doang. Live server-nya ada di server 5 (Ya Allah....cape deeh!). Waktu itu aku belum lulus kuliah jadi harus cuti kuliah dulu. Tapi dari situ alhamdulillah aku sekarang bisa belajar bahasa pemrograman baru dengan cepat.

Sekarang aku baru bisa bahasa program VB, Delphi, PHP, Python, Java, Ruby, C++. Paling lama aku belajar Java karena teknologinya banyak, frameworknya juga banyak, tapi aku suka. Banyak programmer yang bilang Java itu susah...sebenarnya nggak kalau dia bahasa Inggrisnya lumayan. Java itu English banget deh. Andaikan Java itu bahasa jawa banget...pasti aku yang nggak mudhenk(hehehe)