I would like to be able to log the requests that my app receives that are unauthorized. Because the Shiro plugin uses an HTTP redirect to send the user to auth/unauthorized the request object is a fresh one and I can't get the original URL; controller/action name; or request parameters from it.
Is there a way to determine either the original url, or the controller and action names (and request params if possible) inside the AuthController unauthorized action?
I am looking at http://plugins.grails.org/grails-shiro/tags/RELEASE_1_1_3/ShiroGrailsPlugin.groovy as a reference of the plugin source.
Details:
Grails 1.3.7
Shiro Grails plugin 1.1.3
I had the same problem... my solution is not perfect:
a browser sends the so called referer in one of the headers which you can get through
request?.getHeader('Referer')
But the referer is nothing you really can rely on -- but most of the browsers send it.
Another solution could be the filter: try to write the current url to another variable before you call accessControl() in ShiroSecurityFilters.groovy. You can get the current URL through request.forwardURI.
Update: just verified my last assumption - this seems the cleanest solution to me:
In ShiroSecurityFilters.groovy, replace
// Access control by convention.
accessControl()
with
// Access control by convention.
if (!accessControl()) {
session.deniedUrl = request.forwardURI
return false
}
which enables you to access the url as session.deniedUrl in your auth/unauthorized controller.
Related
I´m using spring security rest. Actually to refresh token im using this url: /oauth/access_token?grant_type=refresh_token&refresh_token=token
However i'm using api rest and I want to use /api/oauth to refresh token instead of /oauth.
I tried redirect in urlMappings, but response 404 not found.
"/api/oauth"(redirect: '/oauth')
"/api/oauth"(redirect: '/oauth')
As you found, that mapping won't work but there may not be a good reason to use a redirect anyway. The plugin provides a mapping like this:
"/oauth/access_token"(controller: 'restOauth', action: 'accessToken')
(see https://github.com/alvarosanchez/grails-spring-security-rest/blob/d5940921b4aea466a961957e0599321d01e4c6de/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthUrlMappings.groovy#L24)
You can map whatever url you like to that controller. You could do this...
"/api/oauth"(controller: 'restOauth', action: 'accessToken')
*** Work for me grails spring refresh token
-method : Post
-http://localhost:8085/oauth/access_token?grant_type=refresh_token&refresh_token={your_access_token}
I have requirement of changing GET to POST redirection to external URL.
Currently, we are using checkFormRedirect(url,req,res) to redirect to external URL which by default uses GET as per my understanding. I want to change this request to POST.
One way is we can use HTTPClient API for re-direction.
Is there any way ATG out of box provide some thing to POST redirection. Please help.
If you submitted a form in JSP as you are using checkFormRedirect(). It is already a POST request and you can get data in your handlerXXX method.
You can use this method to control redirects. The API call of this method looks somewhat like:-
public boolean checkFormRedirect(pSuccessURL, pFailureURL, pRequest, pResponse);
Now, this method redirects to pSuccessURL if no form errors are found in the form. Otherwise, it redirects to pFailureURL.
I have a website built from Ember.js. A user can access a page through URL http://..../view?showTitle=true. However I don't want to explicitly expose the parameter showTitle=true to the user (meaning user will only see http://..../view). This URL is automatically generated and serves as a redirect destination URL. So, I have to remove it manually somewhere before the page load. But I still need this value of this query parameter to query data. Is there a way to achieve that (A example would be great)? What about do it without refreshing the router?
Actually, an example of your scenario would be greater :)
There are some other ways to store data while transitioning to a route. Such as: storing the params in transition object or storing the value in a service. Create a redirection route, use beforeModel hook to grab the value from query params then do a redirection to the real route.
A working example is: ember-twiddle-1
By the way, even if you don't describe your queryParamsin your routes, you can access them via transition.queryParams. This seems a bit hacky. But it works: ember-twiddle-2 (Note: It doesn't work in the same route.)
Updated:
At the setupController hook you can override the controller parameters. So you can remove the parameters from the url. ember-twiddle-3
the request was sent from an HTML form, the request body contains the form data,how can i retrieve that data in my Grails application.Below is the URL from where i need to retrieve data.I'm a Rookie in Grails so please help me with this.
hxxp//localhost:8080/copypolicyNumber/loginaction.jsp?fname=Roger&lname=wallace&city=Des+Moines&pnum=123456&submit=Submit
As you just started with Grails, I suggest you look at the screencasts available in the Grails website, and also check the free e-book Getting Started with Grails (need registration).
Grails works with the params map for both GET and POST requests. Also, it uses an special url mapping that you need to be aware of.
So, assuming that you have a login controller with the action login and considering that you called the url: myapp/login/login?fname=Roger&lname=wallace&city=Des+Moines&pnum=123456
class LoginController {
def login() {
println params.fname //Roger
println params.lname //wallace
println params.city //Des Moines
println params.pnum //123456
}
}
I am currently working on a filter in Grails that will allow me to redirect all incoming requests on foo.org to the same subpage on foo.com.
So far I have been doing the following:
if(!(""+request.requestURL).toLowerCase().startsWith(
grailsApplication.config.grails.serverURL ))
{redirect(url:"${grailsApplication.config.grails.serverURL}${request.requestURI}",params:params) }
Unfortunately, I am experiencing several issues in this approach:
The request.requestURI value seems to behave differently than expected: instead of giving me the normal "/[controller]/[action]" pattern as I would expect, it returns something like: "/grails/[controller]/[action].dispatch". - Is there an alternative way to obtain the "normal" URI? (excuse me if this is trivial, but have not been able to find it in the documentation, nor by trying out the various methods available on the request object)
Params are not being passed in the above redirect. This is probably due to the fact that I am using the "url" parameter in the redirect which according to the docs is supposed to be used for redirects to absolute paths (which again causes it to ignore the params section?). However, since I will not be able to use the normal redirect(controller:...,action:...) approach when redirecting to another domain what approach could I use in order to pass the params correctly along to the subpage on foo.com ? Am considering a solution where I will add the params manually via a params.each{} closure, but isn't there a more elegant solution to this?
301 redirects. Since my redirects are of a permanent nature, I would like to use the 301 status code. I have tried to set "response.status = 301" but it seems to be ignored when using the Grails redirect(...) method. Further I can see from grails.org that this seems to be introduced with grails 2.0, but is there a way to obtain this already now in Grails 1.3.7?
Use request.forwardURI.
If you have meant GET params, then it should be resolved using the above URI?
I think 301 redirects are not possible using classic redirect. You can do this in a filter like this, which is obviously not the cleanest way:
def filters = {
all(controller:'*', action:'*') {
before = {
if (request.serverName == "foo.org") {
response.setStatus(301);
response.setHeader("Location", "http://foo.com" + request.forwardURI)
response.flushBuffer()
return false; // return false, otherwise request is handled from controller
}
}
}
}