In Grails, I'm using Spring Security Core plugin and I have 2 questions:
Is there a way to make the browser use HTTPS in specific URLs rather HTTP? I'm using this in Config file, but it's not working: grails.plugin.springsecurity.auth.forceHttps = true
How after login the user will go back to the original requested page, for example, the user is trying to access "securedPage" and this needs to be logged in first to it's redirect to the login page so after login I want the user to go back to that page.
What about trying this?
grails run-app -https // with HTTPS
You can also try using:
grails.plugins.springsecurity.secureChannel.definition = [
'/path/**': 'REQUIRES_SECURE_CHANNEL'
]
or try using this plugin:
https://grails.org/plugin/force-ssl
Related
I am working on my first Grails + Spring Boot appcation along with React JS to build a single page application.
The landing page is index.gsp
I am facing little trouble with UrlMappings.
What I want to achieve is, if url doesn't start with /api/** or /assets/** then it should be redirected to / (root - index.gsp).
As of now, it is giving me 403, forbidden error, if i refresh my single page application.
Do let me know if you need any other information.
Regards,
Priyank Thakkar
Well, I figured it out.
In my URLMappings.groovy, I had to enter
"/**"(view:"/index")
at end of the file after all the mappings are done.
am new to groovy am created small login page and landing page in grails using GGTS its working fine but if i copy paste any url its directly redirecting to the page my requirement is without login its should not redirect to any other page except login page
i created 2 pages for login purpose first is username if its valid then that goes to password page, if that valid that shold redirect to landing page
now if i paste password page or landing page url that should not work without login with username, that should show error message like plz login in to proceed..how to do this one???
Install Spring Security Core. I don't know if you're using grails 2 or 3, but Spring Security Core is available for both, you just need to get the right version.
By default Spring Security Core allows only access to the index page, the other pages will be forbidden. To allow access for logged in users you would need to add #Secured('IS_AUTHENTICATED_FULLY') annotations to your controller's actions. You could also allow access without logging in by adding #Secured('permitAll') to some actions or views.
I'm using spring-security-core:2.0-RC5 Grails plugin , i searched on how to force the browser to use HTTPS on specific application's pages i found the below configuration :
grails.plugin.springsecurity.auth.forceHttps = true
grails.plugin.springsecurity.secureChannel.definition = [
'/login/**': 'REQUIRES_SECURE_CHANNEL'
]
when i apply this in the config, and try access the login page, it shows me this page can't be displayed , and the protocol is still HTTP ,i know there is a way to run the whole application onHTTPS by using grails run-app -https but what i need to achieve is to force some pages to use HTTPS , is there a way to make this ?
In my Grails project i'm using spring core plugin , i want to force the browser to use HTTPS while login , i found this setting :
grails.plugin.springsecurity.auth.forceHttps = true
but when i put it in the Config file,but when i try to access an action that needs to be logged in first rather directing my to the login page using HTTPS it shows me
This page can't be displayed
as shown in the image attached image anything i'm missing ?
There are two settings with the Grails spring security plugin to use here. the secure channel definition below says that all URLs for the application must use HTTPS and thus will automatically redirect to HTTPS. You can change this definition to suit your needs.
grails.plugin.springsecurity.auth.forceHttps = true
grails.plugin.springsecurity.secureChannel.definition = [
'/**': 'REQUIRES_SECURE_CHANNEL'
]
new to laravel and experimenting on an ordering app using cloud9 and laravel5.1 . I was able to create authentication and make the ordering work. but my problem is when I try to login or register with the wrong credentials the error message is not displaying, and sometimes it shows up out of the blue.. does the https or http matters when laravel tries to redirect? you can view the full source code here: https://github.com/2n2n/food4lunch
you can try it by visiting this link: https://food4lunch-a2n2n-2.c9.io/
Instead of simply using redirect(), try using:
redirect()->intended($this->redirectPath(), 302, [], true);
to force Laravel to send as HTTPS. if it works then the issue is on redirect.