Restrict access by time with spring security in grails application

Question

I'm looking for the way to restrict users access by time in my grails application. I mean that users will be able to use (not only login) application only in allowed timeframes defined by days of week and start & end hours.

Could anyone advise the best way of doing this?

I'm thinking about adding some set of tables to my domain model which will contain time access rules. This rules will be applied to roles and users. Users rules will override roles rules.

As I understand, I need to implement some Authorization (not Authentication) Filter, which will do the check of time restrictions.

Am I one the right way? If so, then could anyone provide some usefull links for this task?

Answer 1

Aha, I already answered this on the mailinglist.

What I wrote:

Possible solution (two-fold):

For login: Custom UserDetails class that throws appropiate exception if outside timeslot (not sure if it is the most semantically correct place to do it, but it's easy there).

For people already logged in: Quartz job that run at the boundaries (like 2pm if thats when a slot ends) that run through active sessions and invalidate them. You can keep a list of active sessions in various ways, one (one and a half really, not sure if you can use Burt's plugin in a programmatic way) are covered here:

In grails, how do I get a reference to all current sessions?

I see now that the AccessDecisionVoter is a better solution than the custom userdetails, but the answer still remains for the same for the already logged in people.