Geek asks and answers

Grails, Spring Security Core - remove / login / auth from application

I installed Spring Security Core in my Grails application and configured it with s2-quickstart. I want the "/" to handle login and logout actions. This means that a user who is not logged in only has access to the root page and nothing else. Almost everything except "/" should be a block for users without the role "ROLE_ADMIN".

I added the registration form to the root page and set the following configuration in Config.groovy:

grails.plugin.springsecurity.auth.loginFormUrl = '/'
grails.plugin.springsecurity.auth.ajaxLoginFormUrl = '/'
grails.plugin.springsecurity.failureHandler.defaultFailureUrl = '/'
grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl = '/'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'adminpanel.security.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'adminpanel.security.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'adminpanel.security.SecRole'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/':                              ['permitAll'],
    '/index':                         ['permitAll'],
    '/index.gsp':                     ['permitAll'],
    '/**/js/**':                      ['permitAll'],
    '/**/css/**':                     ['permitAll'],
    '/**/images/**':                  ['permitAll'],
    '/**/favicon.ico':                ['permitAll']
]

I installed @Secured(['ROLE_ADMIN'])on each controller and added something like this to index.gsp:

<head>
    <sec:ifAllGranted roles="ROLE_ADMIN">
        <meta name="layout" content="main"/>
    </sec:ifAllGranted>
    <sec:ifNotGranted roles="ROLE_ADMIN">
        <meta name="layout" content="login"/>
    </sec:ifNotGranted>
    <title>Home Page - Admin Panel</title>
</head>

There are two problems:

  • , , : localhost:8080/AdminPanel/login/auth , , . URL, , .

  • , /login/auth "main", , , index.gsp, "login". ?

!

+3
1

/login/auth - "/$controller/$action?/$id?" UrlMappings. - . , , , . , grails.org .

, , 404, , . - Grails, . grails create-filters site SiteFilters.groovy:

package com.foo.bar

class SiteFilters {

   def filters = {
      loginUnmap(uri: '/login/**') {
         before = {
            response.status = 404
            false
         }
      }
   }
}

100% , , , SiteMesh. , , , GSP , , , <g:if>, , .

+3

More articles:


All Articles