I have declared Spring Security in my application.yml as a dependency and when running my app the default login form works as expected. I would like to style the form so my application is seamless.
In views/auth I have auth.gsp which contains the following code:
<form method="POST" action="${resource(file: 'j_spring_security_check')}">
<table>
<tr>
<td>Username:</td><td><g:textField name="j_username"/></td>
</tr>
<tr>
<td>Password:</td><td><input name="j_password" type="password"/></td>
</tr>
<tr>
<td colspan="2"><g:submitButton name="login" value="Login"/></td>
</tr>
</table>
</form>
This form appears as expected however when submitting the form nothing happens. I'm assuming it's because {resource(file: 'j_spring_security_check')} is not the action that it should be going to. I have got this code from here and I believe this is written with Grails 2 in mind. Any idea what the correct action is?
The following is the working customised login form:
<form method="POST" action="${resource(file: '/login/authenticate')}" class="form-signin">
<h2 class="form-signin-heading text-center">Login</h2>
<input type="text" class="form-control" name="username" placeholder="Username"/>
<input type="password" class="form-control" name="password" placeholder="Password"/>
<label class="checkbox text-center">
<input type="checkbox" value="remember-me" id="rememberMe" name="remember-me"> Remember me
</label>
<button class="btn btn-lg btn-default btn-block" type="submit">Login</button>
</form>
Key things to note are:
j_spring_security_check is now /login/authenticate
j_username is now username
j_password is now password
Documentation for Spring security 3 which is used for Grails 3 is here
I'm shocked to find that a blog post from six years ago isn't 100% correct. Perhaps you'll have better luck reading the documentation, in particular the "What’s New in Version 3.0" section.
Related
I'm implementing a login form like this:
<form action="${postUrl ?: '/login/auth'}" method="POST" id="loginForm" class="cssform" autocomplete="off">
<p>Por favor ingrese sus credenciales:</p>
<div class="form-group" style="color: #2C3E50 ">
<input type="text" name="${usernameParameter ?: 'username'}" id="username" class="form-control input-lg" placeholder="Usuario" required="">
</div>
<div class="form-group" style="color: #2C3E50">
<input type="password" name="${passwordParameter ?: 'password'}" id="password" class="form-control input-lg" placeholder="Contraseña" required="">
</div>
<p id="remember_me_holder">
<input type="checkbox" class="i-checks" name="${rememberMeParameter ?: 'remember-me'}" id="remember_me">
<label> Recuérdame</label>
</p>
<div class="btn-h">
<button type="submit" class="btn btn-azul btn-lg block full-width m-b" id="submit" value='${message(code: 'springSecurity.login.button')}' title="Ingresar al sistema SIIDE-DGAPA">
<i class="fa fa-sign-in"> </i> Iniciar sesión
</button>
</div>
</form>
Authentication works fine, but after logging in, redirects me to auth.html page, I want sent to index.gsp
You can change this url:
application.yml:
grails:
plugin:
springsecurity:
successHandler:
defaultTargetUrl: "/pathToRedirectAfterLogin"
alwaysUseDefault: true
Grails Spring Security plugin is very powerful. There are a huge number of different settings. Read docs: http://grails-plugins.github.io/grails-spring-security-core/
From your question, I suspect you have a bit confused with how spring security works.
Please check out with this tutorial Spring Security Core Tutorial
This tutorial is quite useful
Hope it helps, cheers.
I am trying to submit a form in a bootstrap framework and cannot get past the validation, even with correct data.
I think there might be an error with this syntax,
<form name=form1 method=post action=signupck.php onsubmit='return validate(this)'><input type=hidden name=todo value=post>
then the form fields... which all display correctly - so no problems there - in the style:
<div class="row">
<div class="col-xs-2">
<label for="fname">Forename</label>
<input type="text" class="form-control" id="fname" placeholder="Forename"><br></br>
</div>
<div class="col-xs-2">
<label for="sname">Surname</label>
<input type="text" class="form-control" id="sname" placeholder="Surname">
</div>
</div>
and then,
<input type=submit value=Signup>
<input type="reset" class="btn btn-default" value="Reset">
The form on submission displays signupck.php, signalling validation messages when is should be submitted ok. I have got this working outside the bootstrap, but when I put this inside the template, in the form above, I get the problems.
Any help would be most appreciated.
I'm working on some backend project and want to load form via jQueryUI tabs
<div id="parameters_tabs" style="width:920px;">
<ul>
<li><?=$this->lang->line('tab_name')?></li>
</ul>
</div>
in response I produce few forms as in example below:
<?
for ($i = 0; $i < count($groups); $i++)
{
?>
<form id="group_form<?=$i?>" method="POST" action="<?=base_url()?>update_group">
<input type="hidden" name="<?=$this->config->item('csrf_token_name')?>" value="<?=$token?>" />
<input type="hidden" name="id" value="<?=$groups[$i]['id']?>" />
<tr>
<td>
<input type="text" value="<?=$groups[$i]['name']?>" name="name" />
</td>
<td>
<input type="text" value="<?=$groups[$i]['short_name']?>" name="short_name" />
</td>
<td>
<textarea cols="80" rows="4" name="desc"><?=$mgroups[$i]['desc']?></textarea>
</td>
<td style="width: 30px">
<a class="save" onclick="$('#group_form<?=$i?>').submit();"><?=$this->lang->line('save')?></a>
</td>
</tr>
</form>
<?
}
?>
when clicking on "save" I got standard error about CSRF protection:
"An Error Was Encountered
The action you have requested is not allowed."
Can anyone help me and tell where I made mistake? Of course in source I see proper csrf_token_name.
This article helped me when I was experiencing the same issue. Using the built-in form helper form_open() function might also help solve the problem (as it generates the hidden CSRF field for you).
I'm using spring security on my grails app and want to to this:
My Homepage is : http://www.test.com:8080/my-app/ this is the index.gsp
Now I have insert a login form in the index.gsp file:
<form action='${postUrl}' method='POST' id='loginForm' class='cssform' autocomplete='off'>
<p>
<label for='username'><g:message code="springSecurity.login.username.label"/>:</label>
<input type='text' class='text_' name='j_username' id='username'/>
</p>
<p>
<label for='password'><g:message code="springSecurity.login.password.label"/>:</label>
<input type='password' class='text_' name='j_password' id='password'/>
</p>
<p id="remember_me_holder">
<input type='checkbox' class='chk' name='${rememberMeParameter}' id='remember_me' <g:if test='${hasCookie}'>checked='checked'</g:if>/>
<label for='remember_me'><g:message code="springSecurity.login.remember.me.label"/></label>
</p>
<p>
<input type='submit' id="submit" value='${message(code: "springSecurity.login.button")}'/>
</p>
</form>
Now when I insert the username and password I want to redirect to url : http://www.test.com:8080/my-app/customer/list
How can I do this?
This answer should help you: Grails Spring Security: redirect after login success/failure
This question will very likely be considered a duplicate. If you don't mind, before posting a question on SO, run a quick search (here or on Google). :)
EDIT: I feel so stupid, I wasn't merging my branches properly with git. Like I said, I am quite new to programming and am prone to these types of errors. I appreciate the help, though.
I am on ch. 7 of the Rails by Example book, where I created a basic "Sign up" form. When I submit the form on my localhost, it works properly by directing me to either
LOCALHOST/new (back to sign up page, registration info error) or LOCALHOST/show (user profile, success).
When I push this same app to heroku and hit the submit button, it always leads me to this url:
appname.heroku.com/form_action.asp?fname=&email=&password=&password= which tells me
"The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved."
Instead of appname.heroku.com/new or /show.
I am so confused, I am a beginner programmer and it boggles my mind why things work so perfectly on the localhost but not on the production server. Please help!
My code is on github:
https://github.com/Chamza/Sample-App2
Are you running the 'cedar' stack on Heroku? I believe the url should be appname.herokuapp.com -- not appname.heroku.com. Since your code in github is based using rails 3.2.1, you should be using the cedar stack.
Here's some information on the cedar stack from heroku: https://devcenter.heroku.com/articles/cedar
Also, can you run heroku logs --tail --app my-app-name and then post what happens when you click the link? That's known as 'tailing the log' and it will give you real-time output of what's happening.
EDIT***
I looked at your code and I can see that at least one problem is the form you're using has:
<% provide(:title, 'Sign up') %>
<div style = "width: 200px; margin: 0 auto;">
<form action="form_action.asp" method="get">
<h1>Sign up</h1>
<p align="left">Name:</p>
<input type="text" name="fname" />
<p>Email:</p>
<input type="text" name="email" />
<p>Password:</p>
<input type="password" name="password" />
<p>Password Confirmation:</p>
<input type="password" name="password" />
<br/>
<input type="submit" value="Submit" />
</div>
</form>
There are a few errors in the form. First, the action is to form_action.asp. That looks like it came from an old project. Second, the end </div> and </form> tags are switched -- the form tag should be before the div tag.
<% provide(:title, 'Sign up') %>
<div style = "width: 200px; margin: 0 auto;">
<form action="form_action.asp" method="get">
<h1>Sign up</h1>
<p align="left">Name:</p>
<input type="text" name="fname" />
<p>Email:</p>
<input type="text" name="email" />
<p>Password:</p>
<input type="password" name="password" />
<p>Password Confirmation:</p>
<input type="password" name="password" />
<br/>
<input type="submit" value="Submit" />
</div>
</form>
It's likely that your local machine has different code on it than what you have deployed on Heroku. I'd check carefully -- do a heroku releases --app my-app and it will tell you what the latest git commit is on the server.