I installed Grails Spring Security Core Plugin and it works great, but I can't find the gsp file for the login page. I want to change the login page to match my web theme. Anyone knows how to find the file ? I tried generate-views and also generate-all followed by User, UserRole, and Role domain classes but I didn't see the actual files. Also I can't find the login and logout controllers for the spring security core plugin in my project directories. Any idea what's going on ?
They're in the plugin itself, so it depends on where your plugins get installed. In 2.3 they'll be under target/work/plugins, and in earlier versions they'll be in the .grails folder which is in your home directory, so it'll be something like $HOME/.grails/2.x.x/projects/<projectname>/plugins
I like to keep things simple by deleting the grails.project.class.dir, grails.project.test.class.dir, and grails.project.test.reports.dir settings from BuildConfig.groovy and adding just
grails.project.work.dir = 'target'
so everything is in one place.
Related
Spring Security in Grails 3 sets up a login page view and controller after following the quick start guide.
https://grails-plugins.github.io/grails-spring-security-core/v3/index.html#s2-quickstart
There should be auth.gsp, loginController.groovy created somewhere automatically. They are not visible in the app workspace. Where are they?
They're in the plugin, in both the 2.x and 3.x plugins. To override any of them, create a file with the same name and put it in the same relative location in your app and Grails will use yours instead.
I have a fairly complicated grails plugin dependency structure within my project and I am having problems overriding classes from the security plugin.
My structure is a little something like this:
Web App
|_ Audit Plugin
|_ Spring Security Core Plugin
|_ Security Wrapper Plugin
|_ Audit Plugin
|_ Spring Security Core Plugin
The reason it is like this is audit is shared between some apps which have the security wrapper, and some what don't, which is why it pulls in Security-Core (it needs at least the ability to get the current principal).
Similarly the wrapper is shared between multiple web apps therefore we put it in a plugin. My problem comes after upgrading Spring-Security-Core to version 2.
My wrapper has a customer auth.gsp and LoginController.groovy. In the older version of security this was fine, as the plugin templated those and made them available in the source of the installing plugin.
However now these files are internal to the plugin, and although I know you can override them within the main app, when trying to override them within another plugin I get some bizarre results.
The Spring-Security-Core version of the login page always overrides my custom login page. I cannot get mine to take precedence.
The second problem is that the LoginController.groovy from the Spring-Security-Core plugin sometimes takes precedence over my one from the wrapper. It seems almost random between builds as to which one will be in use.
Is there any correct way to go about making sure my views and controllers take precedence?
OK playing around with things I found a solution that seems to work for me:
Firstly I couldn't change the order in which the plugins load because the security wrapper does a lot with spring beans and it has to load after the core plugin for this to work. So after a bit of digging in the (DefaultSecurityConfig.groovy) I noticed that you can set the following properties:
grails.plugin.springsecurity.failureHandler.defaultFailureUrl = '/login/authfail? login_error=1'
grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl = '/login/authfail?ajax=true'
grails.plugin.springsecurity.auth.loginFormUrl = '/login/auth'
So I created a custom controller and login page which have a different name to the ones use in the core plugin and changed these properties to point to my locations.
To neaten this up, in the UrlMappings for the wrapper (named: SecWrapperUrlMappings) I put a mapping from /login/** to /seclogin/**.
Make sure that these new locations aren't locked down so that people can access them and that seems to work well. I now reliable know, whichever order they load in my login page and login controller are used.
In Grails-4.013 and spring-security-core-4.0.4, I did the following trick.
In my custom plugin instead of LoginController and LogoutController I named them as SigninController and SignoutController respectively. And in UrlMappings.groovy of App mapped them like..
static mappings = {
"/login/$action?"(controller: "signin")
"/logout/$action?"(controller: "signout")
....
....
}
I am trying the common issue of configuring different URLs according to Roles using grails 2.3.3 and spring security spring-security-core:2.0-RC2.
I've found the following posts:
first post and a
modification in a second post http://desmontandojava.blogspot.com/2013/08/grails-tip-different-url-depending-on.html
but none of them work for my version, references didn't work for my version or packages are different now, they are all based on Burt Beckwith excellent presentation about hacking the spring security plugin, but they seem to be outdated, has anyone tried this with a recent version of grails and spring-security-core spring-security-ui?
I also tried the simple version of simply asking in a controller for the role and redirecting but it didn't work either, it had an odd behavior.
This Link worked for me:http://desmontandojava.blogspot.com/2013/08/grails-tip-different-url-depending-on.html
But only after I commented out this line in UrlMappings.groovy
// "/"(controller:"console", action:"myaction")
I was able to accomplish the task, however I had a problem, when logged out, the application was redirected to root and I did not have index.gsp so there was an error, then the only thing I did was add this property to Config.groovy.
grails.plugin.springsecurity.logout.afterLogoutUrl='/login/auth'
I used Grails recently, and added Grails plugin for JQuery, but I don't think it did anything more than just copy some jQuery files over.
So far, I have seen info only on 'how to install and use' plugins...but I can't find anything that describes the concept of a plugin.
Can somebody please tell me, what is a Grails Plugin? And what does it mean to 'Install' a plugin?
A Grails plugin is (or should be) a self-contained bundle of functionality that can be installed into a Grails application. When a Grails plugin is installed, it can do any of the following:
define additional Spring beans
modify the generated web.xml
add new methods to the application's artefacts (controllers, domain classes, services, etc.)
provide new tag libraries
make additional resources and classes available to the application
provide new Grails commands
For example, when you install the JQuery plugin
the JQuery JavaScript files are added to the application
a new Grails tag <jq:jquery> is added to the application
a new Grails command grails install-plugin jquery is added to the application
When you install a Grails plugin, that plugin's functionality is made available to the installing application. However, the plugin itself is not actually copied into the application, only the plugin name and version is added to the application's application.properties file. The plugin itself is downloaded to $HOME/.grails and the application loads it from there.
The structure of a Grails plugin project is identical to that of a Grails application, with the exception of a configuration file (known as a plugin descriptor) that is included in a plugin's root directory.
Well, a Grails plugin is some piece of software that extends the frameworks funcionalities in some manner. Generally, installing a plugin in Grails means copying it to your Grails folder, so projects can refer to it and Grails will know where to find it.
Grails plugins have this folder structure:
grails-app
controllers
domain
taglib
service
etc
lib
src
java
groovy
web-app
js
css
So anything it has there will also be available to the application that uses it. For example, the Searchable plugin has a service class which you can use to perform advanced searchs in your own domain classes .
The jQuery plugin you mentioned has the jQuery .js file, and a tag to include that file.
For information on creating plugins, see http://grails.org/doc/latest/guide/12.%20Plug-ins.html
A plugin is just a set of functionality around a desired purpose. So the Spring Security plugin provides a way to lock down your app, assign roles to users, restrict access, whatever. The Searchable plugin allows you to integrate advanced searching into your app. There are lots of plugins
The point is to provide useful functionality so that you don't have to implement hard things yourself. Someone did something useful, and they wanted to contribute back to the community, so they organized their functionality and made it available.
A plugin is code and configuration, like any functionality you would implement yourself.
There is some documentation here: http://grails.org/doc/latest/ref/Plug-ins/Usage.html
I have a plugin with domain, controller and view pages. (Using grails 1.3.6)
I run the plugin as standalone, the views work fine. URL: http://localhost:8080/sample-plugin/gp/list. I am able to view the list page.
I installed the plugin into a main application i.e. plugin-test. Start as run-app within STS and browse to http://localhost:8080/plugin-test/gp/list. I am able to view the list page.
I bundle the application as war i.e. plugin-test.war and deploy to tomcat. When I browse to http://localhost:8181/plugin-test/gp/list I get a 404 error! I am not sure what I am doing wrong.
I have been trying to resolve it for quite sometime now and still no luck. The same main application works fine in STS but not in tomcat.
HTTP Status 404 - /plugin-test/WEB-INF/grails-app/views/gp/list.jsp
type Status report
message /plugin-test/WEB-INF/grails-app/views/gp/list.jsp
description The requested resource (/plugin-test/WEB-INF/grails-app/views/gp/list.jsp) is not available.
Please help.
Thank you.
Jay Chandran.
This sounds worryingly familiar, as I spent a while figuring out this (or a very similar) issue. I ended up raising this Grails bug report:
Plugin layout not found in war when installed from BuildConfig.groovy
Have you installed the plugin as using the new BuidConfig dependency technique? The JIRA documents my workaround.
Sharing some of my lessons learned after experiencing the same exact issue (1.3.7):
Double check your HTML source to make sure that your template really isn't being included. Mine was being included, but my CSS/image URLs were wrong (only while running as a war)...so I wrongly assumed that my template wasn't there.
Don't use the ui performance tags for referencing your static content...doesn't appear to work, even if the plugin attribute is specified.
Don't name your layout main.gsp. You're guaranteed to have conflicts.
Don't use absolute=true on your g:resource tags. This doesn't appear to append the pluginContextPath to the absolute url, even if you specify dir="${pluginContextPath}"
Don't use pluginContextPath, as it's no longer required: http://grails.org/doc/latest/guide/single.html#6.3%20Tag%20Libraries (search "Plugin Paths")
In your g:resource tags in your plugin layout, make sure you specify the plugin attribute. Set it to the name of your plugin.
Move your static images/css from your plugin to a web server. If each application using your plugin has its own copy, your users aren't going to benefit from caching when bouncing between apps.
Note that all of the above applies to the layout gsp in your plugin project, not your consuming application.