am new to groovy am created small login page and landing page in grails using GGTS its working fine but if i copy paste any url its directly redirecting to the page my requirement is without login its should not redirect to any other page except login page
i created 2 pages for login purpose first is username if its valid then that goes to password page, if that valid that shold redirect to landing page
now if i paste password page or landing page url that should not work without login with username, that should show error message like plz login in to proceed..how to do this one???
Install Spring Security Core. I don't know if you're using grails 2 or 3, but Spring Security Core is available for both, you just need to get the right version.
By default Spring Security Core allows only access to the index page, the other pages will be forbidden. To allow access for logged in users you would need to add #Secured('IS_AUTHENTICATED_FULLY') annotations to your controller's actions. You could also allow access without logging in by adding #Secured('permitAll') to some actions or views.
Related
In Grails, I'm using Spring Security Core plugin and I have 2 questions:
Is there a way to make the browser use HTTPS in specific URLs rather HTTP? I'm using this in Config file, but it's not working: grails.plugin.springsecurity.auth.forceHttps = true
How after login the user will go back to the original requested page, for example, the user is trying to access "securedPage" and this needs to be logged in first to it's redirect to the login page so after login I want the user to go back to that page.
What about trying this?
grails run-app -https // with HTTPS
You can also try using:
grails.plugins.springsecurity.secureChannel.definition = [
'/path/**': 'REQUIRES_SECURE_CHANNEL'
]
or try using this plugin:
https://grails.org/plugin/force-ssl
I have created Azure cloud service and in this cloud service I have a web role serving as a MVC web application. I followed this tutorial to use Microsoft account as the external authentication. When I try with the localhost it works perfectly. However, after I deploy the cloud service, I changed the redirect URL to the site url which is http://109e199cf5864b50ab25ac839f8c151d.cloudapp.net/. But this doesn't work. I can reach the authorization part, but after I login with the Microsoft account I got Error Message: An error occurred while processing your request. What should I do to make it work?
UPDATE:
I tried to remove the [Authorize] tag in my controller so that I don't need to login to see the view. After I deployed again, I got the Error Message directly!!
I didn't login at all! I checked the code this Error Message is actually the Error view from the template in the Shared folder. But there is no change of the code to return me this Error view! What I am missing with the deployment here?
In the comments of the blog post you referenced, the author (Ben Day) said there was an update to the redirect URI.
With the latest version of the ASP.NET Identity code, the redirect uri is a different value. So on account.live.com, the redirect url value for your app is now going to be “http://myapp-url/signin-microsoft”.
You may want to check that you have the correct values here.
I want first page available to everyone and through form (no popup) and Active Directory authentication.
Everything is fine if I use Windows authentication but as I said I don't want popup and I do want first page aviable and with login form fields. Is this possible? If so how to achieve that?
Yes it is possible. You can setup your login controller's login function with [AllowAnonymous] which will make it visible to user even if user is not logged in and rest of the controllers you can specify [Authorize] ... Infect if you create a new template project with type of project as Intranet which will automatically setup your project with windows authentication.
I typed the following code and i got the login sorted.
s2-quickstart com.app User Role UserRole
Now, i want to get the View and Controller for the Login Screen. How can i get it. Should i generate it?
It's suppose to be there in auth/ controller and the action is login.
But i don't even have a auth model class. All what i have is User model class, which has attributes Usernmae, password etc.
2.) After successful login how can i redirect the view?
You are probably using spring-security-core:2.0-RC2, in this plugin version there is no loginController or logoutController in controllers folder like previous version, all about plugin are in target > work > plugins > spring-security-core-2.0-RC2 > spring-security-core-2.0-RC2
There you can find loginController, logoutController and auht view, i order to overwrite auth view, all you need to do is to create in app views directory a new directory and call it just like the plugin view in this case login and inside login a the views auth.gsp and denied.gsp
I hope this can be helpful
About your other question After successful login how can i redirect the view? , grails spring security core has two behaver.
First you can provide a default target it is done by setting grails.plugin.springsecurity.successHandler.defaultTargetUrl = "/someurl
Second and default behaver if someone try to access some url in your app, SSC will intercept the request ask for credentials if user successfully authenticate then user will be taken to that url else SSC will ask again for credentials and so on.
Both behaver can coexist
A simple view example in this repo in github
A simple example how to set defaultTargetUrl in the same repo
i hope it help you
I need to implement security for a new JSF web app that is deployed along with a "legacy" JSP/servlet-based app in a single EAR file (container is WebLogic 11g). Right now I have a JSF Phase Listener that checks whether the user has a flag in their session that indicates that they're logged in (note that "shared session data" has been turned on so that both web apps use the same HTTP session).
I would prefer to not use a Phase Listener if possible and instead specify in web.xml to redirect the user to the login page if they're not logged in (this is how the check has been implemented in the legacy web app) However, the login page lives in the "legacy" app at a different context root than the JSF web app. (note the legacy app runs on an older servlet container version than the new JSF web app).
Is there a way to configure the JSF web app's web.xml file to be able to redirect to the first web app's login page if the they have different context roots?
There does not appear to be a way to do this (redirect to another context root's login page) in WebLogic 11g. Appears as though the Phase Listener solution is the best approach.
Note WebLogic 11g does allow sharing session and User Principal information between web apps deployed in a single EAR, but does not support specifying a URL to a login page that is in different context root than that of the current web app where the web.xml lives. So a servlet filter-like solution that can do the redirection to the login page in the other web app is needed.