Certain data stored as plain text in a database is just asking for trouble these days. We hear too often about misplaced and stolen computers that contain databases full of Social Security numbers and other information that can lead to identity theft. We can help avoid these situations by encrypting those fields in a database so that if someone happens to get the data that they will have a difficult time getting the sensitive data.
Codecs
Grails provides a very good mechanism for this encryption in its Codec support. Codecs allow you to create encoders and decoders that become very easy to use in your application. Grails comes with a few useful ones built in to do things like Base64, URL, HTML, and Javascript Encoding.
Anywhere you have a string you can call the encodeAsCodecName or decodeCodecName to perform the encoding or decoding:
This is a nice, generally useful utility that can be used for any kind of string conversion really. There's nothing from stopping you from creating your encodeAsInteger or decodeShortDate if that's something you need a lot of in your application.
The basic format of a Codec is simple. You can create your new Codec in the grails-app/utils directory and it will be found automatically by Grails based on the naming convention.
Encryption Codec
In my case I wanted to create something to do encryption. Luckily this is not so hard with the javax.crypto classes. The crypto API is not the most straight forward to use in the world, but with a little bit of reading you can figure out how to encrypt and decrypt data without a lot of hassle. Basically what you see is a fairly simple encryption routine wrapped in the Grails Codec standard.
As you saw from previous example, the Codec standard is really simple, so all of the complexity here is really just the encryption code.
Another handy thing to notice is the ConfigurationHolder.config. This is the way to access application properties defined in Config.groovy. In a Domain class or a Controller you can get those values using grailsApplication.config but the grailsApplication variable is not available in Codecs or other classes. I use the Config.groovy to define an application specific secret to use for the encryption.
Testing Your Codec
Now to confirm that the code works we can write a Unit Tests. Encryption and Codecs are the perfect example of checking an Inverse Relationships to confirm the functionality of the Codec. Basically just encode it and decode it and compare the original value to the decoded value. If they match, it worked!
As a Unit Test
Outside the context of your running Grails application your Codec is just another Groovy class. Testing it in a Unit Test is easy though. You can just instantiate an instance of it and call the closures like they are methods.
As an Integration Test
If you want to be able to test it as it will be used in your Grails application though, you will need to run it as an integration test. The integration tests are loaded, instrumented and run just like they would be by the real Grails application. To do that, you just have to create the test under the tests/integration directory of your Grails application.