1
votes

I'm using the Spring Security Plugin in Grails 2.0.3, and am trying to add a login form to the header of each page if the user is not logged in. When I click my login button, it tries to POST to a controller action that doesn't really have any code to handle the request. Here's what I'm doing

BlogPostController

class BlogPostController {

    static defaultAction = "home"

    /**
     * Summary of the most recent blog posts.
     */
    def home() {
        // snip
    }

    def show() {
        // snip
    }
}

UrlMappings has a few extra entries

"/blog/$year/$month/$day/$title"(controller: "blogPost", action: "show")
"/blog/$action?/$id?"(controller: "blogPost")
"/"(controller:"blogPost")

grails-app/views/layout/main.gsp

<!doctype html>
<html lang="en" >
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title><g:layoutTitle default="My Blog"/></title>
        <g:layoutHead/>
        <r:layoutResources />
    </head>
    <body>
        <g:render template="/banner" />
        <g:layoutBody/>
        <r:layoutResources />
    </body>
</html>

grails-app/views/_banner.gsp

<div id="banner">
    <r:img class="logo" dir="images" file="logo.png" />

    <div class="login">

        <sec:ifLoggedIn>
            <sec:username/>
        </sec:ifLoggedIn>

        <sec:ifNotLoggedIn>
        <g:form name="banner-login" method="POST" action="${resource('file': 'j_spring_security_check')}">
            <ul>
                <li>
                    <label for="j_username">Username:</label>
                    <g:textField name="j_username"/>
                </li>
                <li>
                    <label for="j_password">Password:</label>
                    <g:passwordField name="j_password"/>
                </li>
            </ul>
            <div class="button-panel">
                <g:submitButton name="banner-login-button" value="Log in" />
            </div>
        </g:form>
        </sec:ifNotLoggedIn>

    </div>

</div>

Config.groovy

grails.plugins.springsecurity.auth.loginFormUrl = '/'

When I click my login button it tries to post to "/myblog/blog/%2fmyblog%2fj_spring_security_check" which fails. I think it's because the BlogPostController's home action doesn't know how to handle that request.

Any idea what I'm doing wrong?

Thanks!

2

2 Answers

2
votes

It must be /j_spring_security_check, only this url will be processed by Spring Security filter (if you didn't change this setting, of course). Seems that resource generates wrong url, and I don't see any reason to use it here.

Try ${createLink(uri: '/j_spring_security_check'} instead of ${resource('file': 'j_spring_security_check')}

0
votes

I found that changing

<g:form>

to

<form>

solved this problem. Not sure why the GSP form tag is doing that, but using a plain old element works.