I have a minor issue with SpringSecurity plugin in Grails application.
The user loads a form and lets the session expire.
After submiting the form, the user is redirected to login page.
After sucessfull login, the user is redirected back to the controller/action that handles the form submit, but the method is now GET instead of POST.
Is it possible to fix this behaviour without allowing the controller/action to be accessible via GET method?
Thanks in advance
Related
So I am developing a Rails application with LinkedIn authentication. The application works fine in all the cases except the case when user cancels the login.
I have already visited all the solutions on this site could possibly help, but no luck.
I have designed a very basic login structure and I couldn't understand where to write the code to handle the exception and to redirect the failure to a particular path.
The process I have used to make my login page was: Adding gem, Adding a route to 'auth/linkedin/callback', Adding that controller, Adding omniauth.rb file with provider, client id, key, scope and fields parameters.
Adding from_omniauth method in user model.
And finally the link in view page. Here I have no idea what to manipulate to handle the params error. Thanks
error
In Grails 2.5.1 application i'm using Spring security core plugin 2.0-RC5 , i would like to return back to the requested URL, for instance to access page payOnline you need to be logged in first so i redirect to the login page after the successful login i want to go to payOnline.
How this could be achieved?
To access page payOnline you need to be logged in first so i redirect to the login page after the successful login i want to go to payOnline.
1. Go to Requested page :
By default spring security stores the request url you want to access before you are redirected to the login page. After you logged in successfully you are then redirected to the page you wanted.
E.g.
User trying to access `/payOnline`
If user is not logged in redirect user to `login` page
user successfully logged in redirect to `/payOnline`
What you are asking is the default behavior of spring security core plugin.
If its not working as expected then please check if you have successHandler.alwaysUseDefault config property present in your config.groovy. If yes then remove it.
2 . Got to specific page always :
If you want to go to specific page always after login then you you can specify the controller action to which you want to go in UrlMappings.groovy pretty easily.
Just specify the controller and action to which you want to got after login like below
Lets suppose Provision Controller and payOnline action.
"/"(controller: "provision", action: "payOnline")
This will redirect all the successful login users to payOnline page.
Reference :
http://docs.grails.org/2.5.1/guide/theWebLayer.html#urlmappings
I am using devise with rest enabled. I have a form that requires user authentcation / registration. The authentication is implemented in fancybox light box.
I am able to register and signin using ajax calls. Sign in seems to return a session_id. How do I get the session object after registration. Or, more like is a session object created at registration?
If one is not created how would I bypass signin the first time after registration ?
There seems to be no straight forward way to do this. As of now the only way I can do this is by refreshing the page.
The use case:
On my website, there is a field to post a comment to an item. The field is visible even if the user is not logged in. The user types in the comment and click submit. Because he's not logged in, we redirect him to the login page. The app stored the location. When he successfully signs in, he's redirected back to the previous location, which is the url to the comment form action, but with the verb GET. I managed to avoid this redirection to the last location in this case and instead redirect the user back to the item. That sucks because the user has to enter his comment again.
For those asking: I want to display this comment field in all case to increase the engagement. Don't want to hide this feature from visitors.
My question is very similar to this one
Redirect after login results in 404 error if a user submits a form to a POST-only action and their authentication has timed out
but using Rails 3.1+
THe question is: how to save the post action (with all the parameters) and re-post it once the user successfully logged. Another issue: The post is send via ajax.
Thanks
I'm using the Oauth redirect authorization method to provide authorization for a page tab iframe application.
The flow works like this:
User loads page tab (unauthorized)
User clicks authorize link
Authorization dialog takes over parent window
Accepted authorization redirects to my application to register user account using authorized email.
My application redirects back to the page tab
Loading the page tab causes authorization to be lost, and the user sees the authorize link again. Rinse, repeat, no success.
Confusingly, the application works completely if instead of redirecting to the Facebook Page Tab, I redirect to any path in my application (ie. the root, the user's page, etc.). Only by setting the redirect to the Facebook Page Tab URL does the user get "booted".
Even stranger, if I keep redirection limited to my application, but simply load the Facebook Page Tab, the authorization is killed everywhere. Meaning, post-facebook-page-load, refreshing the application off-Facebook will prompt the user to authorize again, and they are effectively "logged out" of my system.
I am using Rails 3.0.1 with Devise 1.4.2 for user accounts. The user authorization is passed to a Devise registration (I need to keep track of users in my app - a voting-based "contest" application). Devise uses the "Server side Flow" detailed here: http://developers.facebook.com/docs/authentication/
I'm lost as to what would be causing this. Facebook killing the auth cookie? Does this happen?
When you access the facebook tab page first time,signed_request is necessary:
#signed_request = oauth.parse_signed_request(params[:signed_request])
So you can send a parameter when redirect to it from other pages to check if it's the first time.