<< 5Token Generation
(Quick Reference)
7Token Rendering >>

6 Token Storage - Reference Documentation

Authors: Alvaro Sanchez-Mariscal

Version: 1.4.0

Table of Contents

6.1Memcached
6.2GORM
6.3Grails Cache

6 Token Storage

The tokens are stored on the server using a tokenStorageService bean. The plugin comes with out-of-the-box support for Memcached, GORM and Grails Cache, but you can use your own strategy implementing the TokenStorageService interface.

6.1 Memcached

To use Memcached, simply define the following configuration properties to match your environments accordingly:

Config keyDefault value
grails.plugin.springsecurity.rest.token.storage.useMemcachedfalse
grails.plugin.springsecurity.rest.token.storage.memcached.hostslocalhost:11211
grails.plugin.springsecurity.rest.token.storage.memcached.username''
grails.plugin.springsecurity.rest.token.storage.memcached.password''
grails.plugin.springsecurity.rest.token.storage.memcached.expiration3600

For development, if you have Memcached installed locally with the default settings, just define grails.plugin.springsecurity.rest.token.storage.useMemcached = true. It should work.

6.2 GORM

To use GORM, those are the relevant configuration properties:

Config keyDefault value
grails.plugin.springsecurity.rest.token.storage.useGormfalse
grails.plugin.springsecurity.rest.token.storage.gorm.tokenDomainClassNamenull
grails.plugin.springsecurity.rest.token.storage.gorm.tokenValuePropertyNametokenValue
grails.plugin.springsecurity.rest.token.storage.gorm.usernamePropertyNameusername

Please note that for tokenDomainClassName you must enter a fully qualified class name.

The domain class should look like this:

class AuthenticationToken {
    String tokenValue
    String username
}

In this case, instead of storing the whole UserDetails object, only the username is stored. This is because applications using this strategy will probably have the standard User and Role domain classes. Then, the username is passed to the default userDetailsService bean, which in the case of the default Spring Security Core GORM implementation will fetch the information from the mentioned domain classes.

6.3 Grails Cache

To use Grails Cache, simply define a cache name:

Config keyDefault value
grails.plugin.springsecurity.rest.token.storage.useGrailsCachefalse
grails.plugin.springsecurity.rest.token.storage.grailsCacheNamenull

The cache name should correspond to a name specified in the cache DSL.

Token expiration / eviction / TTL

By default, Spring Cache abstraction does not support expiration. It depends on the specific support of the actual providers. Grails has several plugins for this:

<< 5Token Generation
7Token Rendering >>
Quick Reference (hide)