Grails modify Spring Security plugin - grails

I have a web application (built using Grails) in which I am using Spring Security with LDAP.
Login and logout behaviour works fine in the application.
Now I want to build functionality where, if an admin logs in to the application for the first time, the user is forwarded to a specific page instead of the index/home page.
I modified LoginController (auth method) and tried to keep track of logins with a new domain class. But after login, the LoginController "auth" method is not called.
Can anyone point me in the right direction? Is there another controller I need to modify?

The default Spring Security login form POSTs to a special URL: /j_spring_security_check (the exact URL used can be changed through the apf.filterProcessesUrl configuration parameter). This POST request is handled by the Spring Security internals. To add custom login logic, you can implement your own AuthenticationSuccessHandler as described here.
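A sketch of such a handler, added here as an illustration and not taken from the original answer or from the plugin's own code. The package, the role name, the landing URL and `loginHistoryService` (with its `recordLogin` method) are assumptions; `authenticationSuccessHandler` is the bean name the Grails plugin registers, and `javax.servlet` assumes a pre-Jakarta stack.

```groovy
// src/groovy/example/FirstLoginSuccessHandler.groovy (path and package are assumptions)
package example

import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.springframework.security.core.Authentication
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

class FirstLoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Fixed, server-side values: the redirect target is never read from the
    // request, so a crafted login link cannot turn this into an open redirect.
    String adminRole = 'ROLE_ADMIN'          // assumed role name
    String firstLoginUrl = '/admin/welcome'  // assumed landing page

    // Hypothetical service: recordLogin(username) stores the login (for example
    // in the question's tracking domain class) and returns true only the first
    // time it sees that username.
    def loginHistoryService

    @Override
    void onAuthenticationSuccess(HttpServletRequest request,
                                 HttpServletResponse response,
                                 Authentication authentication) {
        boolean isAdmin = authentication.authorities.any { it.authority == adminRole }
        boolean firstLogin = loginHistoryService.recordLogin(authentication.name)

        if (isAdmin && firstLogin) {
            clearAuthenticationAttributes(request)  // drop any stored login error
            redirectStrategy.sendRedirect(request, response, firstLoginUrl)
            return
        }
        // Everyone else gets the default behaviour: saved request or defaultTargetUrl.
        super.onAuthenticationSuccess(request, response, authentication)
    }
}

// grails-app/conf/spring/resources.groovy: replace the plugin's handler bean.
// beans = {
//     authenticationSuccessHandler(example.FirstLoginSuccessHandler) {
//         defaultTargetUrl = '/'
//         loginHistoryService = ref('loginHistoryService')
//     }
// }
```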

Related

redirecting to a page after successful login in spring through ajax

I am a newbie to Grails. I am using Grails 3.3.2 and am trying to implement the security plugin in my app. How do I redirect to a certain page after a successful login?
In your Grails controller you will have the if check for a successful login; inside that condition you can write the redirect statement as below:
redirect(controller: 'YOUR_CONTROLLER_NAME', action:'YOUR_GSP_PAGE_NAME')
If you want to redirect to a page with a specific path, use the following syntax:
redirect(uri: "PATH_TO_YOUR_PAGE")
See more examples here: Grails redirect examples

Call a Grails restful web service in a spring security application

I need to submit a simple and unique request to a web service hosted inside a regular web based Grails application which is secured with Spring Security plugin. My request should look like:
curl -F username=john -F password=mypass -F message="Hello World" http://localhost:8080/myapp/restapi/echo
No work flow, just a unique request and I'm done.
I have a simple secured controller to respond to this request as follows:
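import grails.plugin.springsecurity.annotation.Secured

// Only callers holding ROLE_REST_CLIENT may reach this controller
@Secured(["ROLE_REST_CLIENT"])
class RestapiController {
    def echo() {
        respond params.message
    }
}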
The issue here is that Spring Security's default behavior is to redirect any new request to the login page. How can I change that, search the HTTP params for the user name and password, register the user and go on to the requested controller action, all in the same unique stateless request?
I had a look at Spring Security REST Plugin but it is aimed to provide a token-based work flow which isn't exactly what I need. (I would also appreciate some guidance to this work flow approach as an optional solution)

Grails/SpringSecurity : how to create user without being identified previously?

I'm trying to create a Twitter-like app with Grails and SpringSecurity plugin, and what I want to do is to allow potential users to create an account from the login page (auth.gsp in SpringSecurityCore).
On this page I have a link to my UserTwitter controller's create method. It calls the usual create.gsp page. The problem: when I try to create a new account, it works when I'm previously logged in with another account, but doesn't if I'm not. What should I do?
Thanks for your help.
Maybe your action is secured by Spring Security Service through an annotation or a URL mapping in the config. If this is the case, then free your action from Spring Security Service. See this link to free your action from Spring Security Service.

Grails 2.2.0, Spring Security - logout feature not working

I am using GGTS and Grails 2.2.0 and have implemented spring security along with Basic Auth with the following options
Config.groovy
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.digest.realmName = 'someval'
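import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
class LogoutController {
    // Hand the request over to Spring Security's logout filter URL
    def index = {
        redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl
    }
}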
When I click on logout – it does not log the user out, it takes me back to the home page. I have looked at the forums, but have not found anything that works.
I want to make sure that whatever solution is implemented logs off the user completely and the user is not able to return to the original page without logging back in.
Any pointers/suggestions are appreciated.
The problem is HTTP Basic Authentication. It doesn't specify a way to log out. I believe there are some "unofficial" methods that work (see How to log out user from web site using BASIC authentication?), but Spring Security doesn't appear to use them.
The best solution is to avoid Basic Auth altogether. If that's not an option, you'll have to write a custom LogoutController that e.g. sends back a 401 error code.
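A sketch of the custom controller the answer suggests, added here as an illustration and not part of the original answer. The realm value and the response text are assumptions, and whether the browser actually discards its cached Basic credentials on this 401 depends on the browser.

```groovy
import org.springframework.security.core.context.SecurityContextHolder

class LogoutController {

    // Assumption: this must equal the realm the Basic filter challenges with,
    // otherwise the browser does not treat the 401 as applying to the
    // credentials it has cached.
    static final String REALM = 'Example Realm'

    def index() {
        // Drop server-side state first, so a replayed session cookie is useless.
        request.getSession(false)?.invalidate()
        SecurityContextHolder.clearContext()

        // Answer with a fresh Basic challenge. The browser has just sent its
        // cached credentials; a 401 tells it they were rejected, which is the
        // only signal Basic auth offers for making it forget them.
        response.setHeader('WWW-Authenticate', "Basic realm=\"${REALM}\"")

        // Keep the logout response out of caches so the back button does not
        // replay an authenticated page from this URL.
        response.setHeader('Cache-Control', 'no-store')

        render status: 401, text: 'Logged out. Close the browser window to finish.'
    }
}
```

The next request that carries valid credentials is authenticated again, so this ends the session but does not revoke the password.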

How to redirect to previous page on spring security access denied?

I'm using Grails and Spring Security. Some methods of the controller are annotated with @Secured and when the logged in user doesn't have the necessary roles I want him to be redirected to the last visited page instead of to /login/denied.
I guess that the real question is how to get the last page visited so that I can redirect him accordingly from the denied method?
There is a way to do this in JavaScript, using back button, but I am looking for a way to achieve this on the server side.
Maybe you could use an interceptor to store the history of your views and then, with an accessDeniedHandler, redirect to the previous one.
