Grails Shiro adapter for Mozilla Account Manager
For those of you living under a rock (or too busy working to surf reddit) who haven't heard about Mozilla Account Manager yet: I recommend watching this 37 second introduction video. The basic idea is to provide the browser with a manifest explaining how to do typical account operations (sign in, sign out, register, change password and more).
By presenting a common graphical interface for all account-related operations, the browser can (theoretically) make it easier for several people to share the same browser, make it faster and easier to change the password for multiple accounts in case of unfortunate events like a stolen laptop, simplify account creation for users (good for people with disabilities), and so on.
How does it work?
I'm not going into details about how the Mozilla Account Manager works, as this is explained on their web site. In short, you have to add a line to .well-known/host-meta (first time I've heard about "WebFinger") specifying the path to your "Account Management Control Document".
The "amcd" document is just a valid JSON file specifying things like sign in and sign out URIs, login parameters and what to do in various success / failure situations. After a successful login you might, for example, want to redirect the user to a welcome page. When the browser knows these things it'll be able to automate a lot of the common account management operations for you.
Sites implementing this interface communicate the current status to the browser through the X-Account-Management-Status HTTP header. Example:
X-Account-Management-Status: active; name="Superman"
How does the plugin work?
The plugin / adapter is surprisingly simple. Mozilla has probably realized that it has to be simple to implement before the masses will adopt it. In addition to the host-meta and amcd file it only provides two Grails artifacts.
- AccountManagerController, which is responsible for communicating additional status information to the browser.
- ShiroAdapterFilters, which takes care of setting the appropriate HTTP headers based on whether a user is signed in or not.
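The user name that ends up in X-Account-Management-Status is user-controlled data written into a response header, so it needs cleaning before it is sent. The following plain Groovy sketch is an added example, not the plugin's own code: the AccountStatusHeader class and its methods are hypothetical names, the "none" token for an anonymous session and the 64 character limit are assumptions, and the hostile name is a constructed test value.

```groovy
class AccountStatusHeader {
    static final String HEADER = 'X-Account-Management-Status'
    static final int MAX_NAME = 64   // assumed limit, not from the specification

    /** Header value for the signed-in principal; null or empty means no session. */
    static String valueFor(String principal) {
        if (!principal) {
            return 'none'            // assumed token for "not signed in"
        }
        return "active; name=\"${quote(principal)}\""
    }

    /** Makes a user-controlled name safe inside a quoted header parameter. */
    static String quote(String raw) {
        // Remove CR, LF and other control characters, so a crafted name
        // cannot end this header and start a new one.
        String clean = raw.replaceAll(/[\p{Cntrl}]/, '')
        // Replace non-ASCII characters instead of guessing a header encoding.
        clean = clean.replaceAll(/[^\x20-\x7E]/, '?')
        // Truncate before escaping, so the cut never lands between a
        // backslash and the character it escapes.
        clean = clean.take(MAX_NAME)
        // Escape backslash and double quote, so the name cannot close the
        // quoted string and append parameters of its own.
        return clean.replaceAll(/(["\\])/, '\\\\$1')
    }
}

// The value from the example above
assert AccountStatusHeader.valueFor('Superman') == 'active; name="Superman"'
assert AccountStatusHeader.valueFor(null) == 'none'

// Constructed hostile name: a quote followed by CRLF and a second header
def hostile = 'x"\r\nSet-Cookie: a=b'
assert AccountStatusHeader.valueFor(hostile) == 'active; name="x\\"Set-Cookie: a=b"'

// A name made only of quotes still yields a properly closed quoted string
assert AccountStatusHeader.valueFor('"' * 100).endsWith('\\""')
```

In a filter, the value would be passed to response.setHeader(AccountStatusHeader.HEADER, ...) with the name of the currently signed-in user.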
Trying out the plugin
The plugin is bundled with a simple demo, so you can try the features without installing it into a Grails application. Running the plugin with the usual grails run-app command will set up a test user (superman:password). Note: These demo files are excluded when the plugin is packaged.
I tried installing this plugin in one of our production applications built on Grails and the Shiro plugin and it worked perfectly out of the box. If you've changed the default auth controller / action names this probably won't be the case for you and you'll have to edit the amcd.json file.
Planned features
The current version is just a proof-of-concept (only sign in and sign out are supported) and I seriously recommend that you don't use it in production environments (even I don't). And why should you? Almost nobody is using this Firefox plugin yet.
Here are some features (in no particular order) that I'm thinking about implementing if people are interested and the Mozilla Account Manager gains traction (for example if it would be built into Firefox 4).
- Configuration: the only way to configure the plugin today is to edit js/amcd.json and repackage the plugin. This is the only way to specify login parameters, on success / failure events and sign in / out URIs.
- Support for:
  - User registration
  - Change password
  - Any other interesting features from the specification draft
Notes regarding the Firefox plugin
The Firefox plugin is very rough around the edges (version 0.0.12). The GUI is semi-broken on Linux (Ubuntu 10.04 with Compiz) and I had to open and close the browser a couple of times before it worked on Windows.
Firefox needs to know about the user name and password before you can use the new Account Manager, so you have to log in once using the regular HTML login form so Firefox can pick up the credentials. This rough edge will probably be ironed out in a new release.
Downloads
I've uploaded the sources to Bitbucket together with a packaged version.

