I am using the new grails 2.3.4 with Spring Security Core 2.0-RC2 plugin. I have generated the domain objects and got also a user via the Bootstrap.groovy into the db. However, I am wondering where to specify a custom login for my page?
Is it also possible to do the sign up process via the spring security plugin?
I appreciate your answer!
Create a gsp in the following pattern: grails-app/views/login/auth.gsp.
This way the default template is automatically replaced.
Related
I have upgraded Grails and Spring Security to latest (3.3.0.RC1 and 3.2.0.M1 respectively) by following all of the migration paths but now my annotations no longer work. Control follows through to my not authorised callback (grails.plugin.springsecurity.adh.errorPage).
I have my own list of enum backed Permissions that I use to populate my list of authorities which are being correctly loaded for my user object but they no longer work in my annotations using the hasRole expression as follows;
#Secured(["hasAnyRole('PERM_VIEW_REPORTS'"])
other expressions are working fine such as the following
#Secured("authentication.name == 'sys_admin'")
#Secured("hasRole('PERM_VIEW_REPORTS')")
I don't suppose anyone has had any similar experience with the latest Spring Security release for Grails. Remember the above has worked perfectly until I upgraded but I don't see anything in the migration path that suggests there might be a problem with this system.
Thanking for any suggestions in advance.
This came down to the "ROLE_" prefix being mandatory again in the new Spring Security 3.2.0.M1 release. As can be seen from above, I had being using a "PERM_" prefix up to now to indicate that I'm using a permission based instead of role based paradigm.
I'm hoping to add this to the migration guide for the plugin as it's a major omission AFAIC. I would hope this would become a configuration option for the plugin in a future release.
EDIT:
It turns out Spring Security have introduced new methods hasAuthority() and hasAnyAuthority() which do not use the default role prefix and so can be used in place of hasRole() and hasAnyRole().
I have forked and updated the Spring Security docs for 3.2 and sent a pull request.
Please try with
#Secured ('ROLE_USER')
If you're trying to secured with more than one Role
#Secured(['ROLE_USER','ROLE_ADMIN'])
I am attempting to use the Grails Spring Security Core plugin. I would like to override the login functionality, which is 'login/authenticate'. I searched through the spring-security-core plugin source and wasn't able to find the 'authenticate' method, and its not in the generated LoginController.
https://github.com/grails-plugins/grails-spring-security-core/blob/master/grails-app/controllers/grails/plugin/springsecurity/LoginController.groovy
Any guidance would be most appreciated. Thank you in advance.
Spring security is built around filter chains. The correct way would be to create a new filter. You probably need to download the spring grails security core plugin and look at classes like GrailsUsernamePasswordAuthenticationFilter to get a feel for how to do it. Your way forward might be to copy GrailsUsernamePasswordAuthenticationFilter, install it as your authentication filter, and put logging in there.
I need configurate my web application to login with spring-security using username store in my DBs' app(im using PostgreSQL) from my auth.gsp page. How i performance this? Thanks in advance
Really is very simple, but I didnt know. I create another auth.gsp with my specific css and js, and in field text I named same as in default auth.gsp generate by spring security plugin. My auth.gsp is located in grails-app/view
Spring Security in Grails 3 sets up a login page view and controller after following the quick start guide.
https://grails-plugins.github.io/grails-spring-security-core/v3/index.html#s2-quickstart
There should be auth.gsp, loginController.groovy created somewhere automatically. They are not visible in the app workspace. Where are they?
They're in the plugin, in both the 2.x and 3.x plugins. To override any of them, create a file with the same name and put it in the same relative location in your app and Grails will use yours instead.
This is the first time i have attempted to use spring security UI in my Grails application.
I am currently using Spring Security Core and it works fine but I like the ideas of the UI plugin.
I have read through the documentation and I cannot see any single commant to run to set everything up with default values. Keeping in mind I have Spring Security Core already running.
Can anyone please help me out.
Thanks
You just need to override your auth view using
grails s2ui-override auth