Security policy permissions for Grails in Tomcat

June 4th, 2009

Here are the permissions I’ve used for Grails apps deployed to Tomcat running the Java security manager. The Grails 1.0.x permissions are for a simple CRUD app. So far the Grails 1.1 permissions are just for a Hello World app. They’re not cut-and-paste: some thought is required to apply them to individual server setups, and some duplication is present. The grants go in the conf/catalina.policy file, and restarting Tomcat is required. Unfortunately, it seems impossible to completely isolate these per-webapp since the Groovy and Grails code presents itself in funny ways.

I’m using Tomcat 6.0.18 and used both JDK 1.6.0_12 and 1.6.0_13 running on some sort of Linux.

Tomcat AJP/1.3 Connector issues

March 27th, 2009

The documentation for Tomcat 6.0.18 AJP/1.3 Connectors is incomplete and misleading. It seems to indicate that there is exactly one class for AJP, but there are actually three and the one you get may not match the documentation.

Grails 1.1 logging

March 26th, 2009

Grails 1.1 has changed logging setup completely, introducing a new DSL closure. For the most part it’s cool, but the syntax looks the same sometimes for both log level and appender assignments. I’ve updated my previous posts on debug logging and stacktrace.log. For the record, included below is the complete log4j closure I’m now using for a new Grails 1.1 project (or download it). Append this to the default Config.groovy file.

less, sudo, and /dev/null: Permission denied

March 25th, 2009

Sigh. The ubiquitous utility less does a really bad and hard to understand thing. For some time now, it behaves not just as a reader but also a writer: it writes a history file (specified by the environment variable LESSHISTFILE which is $HOME/.lesshst by default). If you want less to be writing things, fine, but don’t force it on me! This has caused some annoying problems that have been really hard to finally trace back to less.

Rails logged_in_user idiom

October 7th, 2008

I recently refactored another developer’s code to clean up some massive amounts of database pings to retrieve the current user object. The main problem was in the use of the logged_in_user or current_user idiom in Rails. Several places give good examples but leave out the details that were bugging my project.

Grails error.gsp security

October 1st, 2008

The default generated error.gsp view in Grails displays the stacktrace for any exceptions that occur. That’s nice for debugging in a development environment but it is a security issue for production as it is information leakage. We can easily turn this off when not in development, and do something useful like redirect to the application homepage.

Grails stacktrace.log

September 30th, 2008

Grails 1.0.x started creating a stacktrace.log file in the directory where the servlet container starts. In a development environment, using grails run-app, that’s simple enough: it appears in the top level of your application. In a production environment, this becomes a problem. Your production container (e.g. Tomcat) may start someplace where it can’t create files, like /. Thus you get exceptions sent to your container’s log files like:

java.io.FileNotFoundException: stacktrace.log (Permission denied)

Also, messages are appended to stacktrace.log, so it will continue to grow if you don’t do something about it. One option is to change where your container starts, e.g. have the startup script change to its logs directory. You can also configure your Grails app to change the location of the stacktrace.log file or turn it off completely.

Grails logging

September 24th, 2008

To turn on display of debug log messages in Grails 1.0.2, add this to the bottom of grails-app/conf/Config.groovy:

environments {
  development {
    log4j {
      logger {
         grails."app"="debug,stdout"
         //grails="debug,stdout"    // maybe need this too
      }
    }
  }
}


Info on other versions continues below.

Grails testing

September 23rd, 2008

The Grails docs talk about testing and have some example test methods but fail to describe some simple but necessary mechanics to get it going. The test methods should be in a class that extends GroovyTestCase (that word doesn’t appear at all when searching the Grails website). The class name must end with Tests since it must be in a file with a name ending in Tests.groovy under the test directory of your grails project.

Grails .gitignore

September 18th, 2008

I’ve started playing with git for source code revision management. Here is my first cut at a .gitignore for a Grails 1.0.3 project. Note that for previous versions you will also need (at least) a line /plugins/core


# .gitignore for Grails 1.0.3

# web application files that are overwritten by "grails upgrade"
#  cf. GRAILS_HOME/scripts/Upgrade.groovy, target( upgrade )
/web-app/WEB-INF

# IDE support files that are overwritten by "grails upgrade"
#  cf. GRAILS_HOME/scripts/CreateApp.groovy, target( createIDESupportFiles )
# to be specific, you could replace "/*" below with your project name,
#  e.g. "foobar.launch" (no slash)
.classpath
.project
.settings
/*.launch
/*.tmproj

# logs
stacktrace.log
/test/reports

# project release file
*.war


Edit: took out build.xml since Grails won’t overwrite it. The Eclipse dot files .classpath, .project, and .settings will also not be overwritten if they exist, but I’m still ignoring them for now.

Update: I’ve made a few additions for Grails 1.1: gitignore11