I typed the following code and i got the login sorted.
s2-quickstart com.app User Role UserRole
Now, i want to get the View and Controller for the Login Screen. How can i get it. Should i generate it?
It's suppose to be there in auth/ controller and the action is login.
But i don't even have a auth model class. All what i have is User model class, which has attributes Usernmae, password etc.
2.) After successful login how can i redirect the view?
You are probably using spring-security-core:2.0-RC2, in this plugin version there is no loginController or logoutController in controllers folder like previous version, all about plugin are in target > work > plugins > spring-security-core-2.0-RC2 > spring-security-core-2.0-RC2
There you can find loginController, logoutController and auht view, i order to overwrite auth view, all you need to do is to create in app views directory a new directory and call it just like the plugin view in this case login and inside login a the views auth.gsp and denied.gsp
I hope this can be helpful
About your other question After successful login how can i redirect the view? , grails spring security core has two behaver.
First you can provide a default target it is done by setting grails.plugin.springsecurity.successHandler.defaultTargetUrl = "/someurl
Second and default behaver if someone try to access some url in your app, SSC will intercept the request ask for credentials if user successfully authenticate then user will be taken to that url else SSC will ask again for credentials and so on.
Both behaver can coexist
A simple view example in this repo in github
A simple example how to set defaultTargetUrl in the same repo
i hope it help you
Related
I designed an MVC app with authorization that works great. In my app, a user can click a link to view a document. The document displays in another tab. If the user saves that link, logs out, and comes back (without logging in), they can paste the link into the browser to see the document. They can also change the parameters in the link to view documents that may or may not be associated with their account. The link is create as:
#Html.ActionLink("View", "CertificatePDF", "Documents", new { wo_nbr = Model.id}, new { target = "_blank" })
This creates the following link:
http://xxx.yyy.com/Documents/CertificatePDF?wo_nbr=1000462209
How can I prevent users from viewing/changing documents unless they are logged into the app?
Add the [Authorize] attribute to your CertificatePDF action. This should require users to be authenticated. You can add the attribute to your controller class if you want everything to require authentication. Also for the opposite you can add the [AllowAnonymous] attribute to bypass authentication.
I created a new ASP.net core project using VS2019. I did not modify anything from the automatically created weatherforecast controller. My problem is, everytime I just try to debug, the browser pops up asking me to sign in. Is there a default user and password created? How to solve this?
It is probably you are using Windows Authentication while create your Asp.NET project, try uncheck Authentication it will allow getting into the landing page of your application
Make sure that during the creation of the project you didn't add authentication. There's an option to add authentication by default.
am new to groovy am created small login page and landing page in grails using GGTS its working fine but if i copy paste any url its directly redirecting to the page my requirement is without login its should not redirect to any other page except login page
i created 2 pages for login purpose first is username if its valid then that goes to password page, if that valid that shold redirect to landing page
now if i paste password page or landing page url that should not work without login with username, that should show error message like plz login in to proceed..how to do this one???
Install Spring Security Core. I don't know if you're using grails 2 or 3, but Spring Security Core is available for both, you just need to get the right version.
By default Spring Security Core allows only access to the index page, the other pages will be forbidden. To allow access for logged in users you would need to add #Secured('IS_AUTHENTICATED_FULLY') annotations to your controller's actions. You could also allow access without logging in by adding #Secured('permitAll') to some actions or views.
I've created a side bar link for a job that allows users to see a html page which resides in the workspace. I have authentication setup as well in jenkins. If the user is not logged into jenkins, they are not able to view the page unless logged in. Is there a permission I need to change to allow anonymous users to see the html page?
I was able to achieve this by checking Job > Workspace for Anonymous users under 'Configure Global Security'.
I want first page available to everyone and through form (no popup) and Active Directory authentication.
Everything is fine if I use Windows authentication but as I said I don't want popup and I do want first page aviable and with login form fields. Is this possible? If so how to achieve that?
Yes it is possible. You can setup your login controller's login function with [AllowAnonymous] which will make it visible to user even if user is not logged in and rest of the controllers you can specify [Authorize] ... Infect if you create a new template project with type of project as Intranet which will automatically setup your project with windows authentication.