how to force https - grails

I have a Grails project. Right now, the user can access it either with HTTP or HTTPS. I would like to require that they can only access it through HTTPS. Any ideas? I do have Spring Security Core installed, if that can be of help.
thanks
jason

Spring's core supports that:
grails.plugins.springsecurity.secureChannel.definition = [
'/path/**': 'REQUIRES_SECURE_CHANNEL'
]

Related

Doorkeeper client server

In the Railscasts episode "#353 OAuth with Doorkeeper", no client application is set up. How do I set up the client application server to avoid the "This webpage is not available" error in the browser and instead return something?
I've already tried the following found on this link, but it still doesn't work for me.
Thanks!
Refer to this repository by RyanB.
353-oauth-with-doorkeeper/oauth_client/

force the browser to use HTTPS while login in Grails

In my Grails project I'm using the Spring core plugin. I want to force the browser to use HTTPS while logging in. I found this setting:
grails.plugin.springsecurity.auth.forceHttps = true
But when I put it in the Config file and try to access an action that requires being logged in first, rather than directing me to the login page using HTTPS it shows me
This page can't be displayed
as shown in the attached image. Anything I'm missing?
There are two settings with the Grails Spring Security plugin to use here. The secure channel definition below says that all URLs for the application must use HTTPS and thus will automatically redirect to HTTPS. You can change this definition to suit your needs.
grails.plugin.springsecurity.auth.forceHttps = true
grails.plugin.springsecurity.secureChannel.definition = [
'/**': 'REQUIRES_SECURE_CHANNEL'
]

Using HTTPS rather than HTTP in some URLs in Grails

In Grails, I'm using Spring Security Core plugin and I have 2 questions:
Is there a way to make the browser use HTTPS in specific URLs rather than HTTP? I'm using this in the Config file, but it's not working: grails.plugin.springsecurity.auth.forceHttps = true
How will the user go back to the originally requested page after login? For example, the user is trying to access "securedPage", which requires being logged in first, so it redirects to the login page; after login I want the user to go back to that page.
What about trying this?
grails run-app -https   # with HTTPS
You can also try using:
grails.plugins.springsecurity.secureChannel.definition = [
'/path/**': 'REQUIRES_SECURE_CHANNEL'
]
or try using this plugin:
https://grails.org/plugin/force-ssl
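
The settings from the answers above, combined into one Config.groovy fragment (an added example, not code from any of the posts). It uses the `grails.plugin.springsecurity` prefix read by plugin 2.x; plugin 1.x reads `grails.plugins.springsecurity` instead, and keys written with the other prefix are ignored. The paths, ports and the TLS-terminating proxy in the production block are assumptions.

```groovy
// grails-app/conf/Config.groovy: added example, plugin 2.x key prefix.
// Paths, ports and the proxy setup below are assumptions for illustration.

// Redirect to the login page over HTTPS.
grails.plugin.springsecurity.auth.forceHttps = true

// Per-URL channel rules; list more specific patterns before broader ones.
grails.plugin.springsecurity.secureChannel.definition = [
    '/static/**': 'ANY_CHANNEL',              // hypothetical public assets
    '/**':        'REQUIRES_SECURE_CHANNEL'   // everything else, login included
]

environments {
    development {
        // Must match the ports the dev container listens on; start it with
        // `grails run-app -https` so the HTTPS port is actually open.
        // If nothing listens there, the redirect ends in a browser
        // connection error instead of the login page.
        grails.plugin.springsecurity.portMapper.httpPort = 8080
        grails.plugin.springsecurity.portMapper.httpsPort = 8443
    }
    production {
        // Assumes a proxy or load balancer terminates TLS and forwards plain
        // HTTP. The app then sees every request as insecure, so the channel
        // decision is taken from the forwarded-protocol header instead.
        grails.plugin.springsecurity.portMapper.httpPort = 80
        grails.plugin.springsecurity.portMapper.httpsPort = 443
        grails.plugin.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
        // Header value 'http' on a secure-channel URL triggers the redirect
        // to HTTPS; 'https' on an insecure-channel URL triggers the reverse.
        grails.plugin.springsecurity.secureChannel.secureHeaderName = 'X-Forwarded-Proto'
        grails.plugin.springsecurity.secureChannel.secureHeaderValue = 'http'
        grails.plugin.springsecurity.secureChannel.insecureHeaderName = 'X-Forwarded-Proto'
        grails.plugin.springsecurity.secureChannel.insecureHeaderValue = 'https'
    }
}
```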

Is it possible to automatically activate remember-me upon OAuth2 in Grails 2.3

I integrated the spring-security-oauth plugin into my app, and the login over FB or Google seems to be working fine.
The problem I have now, is that the authentication expires along with the tomcat session, which is not what it should be. I want the OAuth-authentication to be persistent on client's machine. Some sort of spring security's remember-me functionality is needed.
Is there a possibility to activate it out-of-box?
TIA
I have this setup in my application. What you want to do is enable rememberme configuration:
http://grails-plugins.github.io/grails-spring-security-core/docs/manual/guide/single.html#rememberMeCookie
run the s2-create-persistent-token script
In config file:
rememberMe.alwaysRemember = true // by default it is false
rememberMe.persistent = true // by default it is off
I don't have my application on hand but if you need exact configs, let me know and I'll post it up later for you.
So, after doing some research and talking to the plugin creator here http://github.com/enr/grails-spring-security-oauth/issues/9, the solution was found. It will be available in the upcoming release, or you can do it yourself

Forcing https in Grails

In a Struts application, I have a filter that forces certain pages to be accessed only over HTTPS via redirection. I'm thinking of porting it to Grails, so my question is: in this environment, is there a "Grails" way to implement such a filter, or is it similar/the same as I did? Thanks
The Spring Security core plugin has support for this. See section 17 - "Channel security"
