How to make the login/ page in Grails Spring Security 2.0 the inital screen?

4
votes

I am migrating from grails 2.2.2 to grails 2.3.4 to avoid a bug in 2.2.2 where the text value in the spring security property messages where not displaying, but I am running into all sorts of issues. Stuff that worked before, now it does not.

PROBLEM

When I run the grails app, the initial default page is index.gsp which is standard functionality but after installing and configuring the spring security core, spring security ldap, and spring securiy ui plugins I would like to make the /login/auth my default page.

In the previous release, I had it done via the UrlMappings.groovy config file by simply commenting, replacing or deleting this line

"/"(view:"/index")

for this one

"/"(view:"/login/auth")

My Config.groovy is set so that if the authentication is successfull to take me to the home page

grails.plugin.springsecurity.userLookup.userDomainClassName = 'security.Person'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'security.PersonAuthority'
grails.plugin.springsecurity.authority.className = 'security.Authority'
grails.plugin.springsecurity.requestMap.className = 'security.Requestmap'
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/home/'

and my Requestmap entries in the Bootstrap (if they are of any importance for this issue are as follows):

for (String url in [
        '/', '/index', '/index.gsp', '/**/favicon.ico',
        '/**/js/**', '/**/css/**', '/**/images/**',
        '/login', '/login.*', '/login/*',
        '/logout', '/logout.*', '/logout/*']) {
     new Requestmap(url: url, configAttribute: 'permitAll').save()
  }

  new Requestmap(url: '/home/*', configAttribute: 'IS_AUTHENTICATED_FULLY').save()

It turns that when i do that... Eureka the login/auth comes as soon as the application is started but when I put the correct authentication credentials it does not seem to authenticate, it does does a 'slight little flicker' and it shows itself again.

However, If I delete this line

"/"(view:"/login/auth")

and put this one back in

 "/"(view:"/index")

and then when I restart the application I manually to login/auth and put the correct credentials then it correctly takes me to the home page.

QUESTIONS

  1. Did I miss any config setting anywhere that would make the login/auth the first page (but also allowing me to authenticate)?

  2. I am not sure if this should be a separate posted question, but now by design the login page it's part of the plugin, before it was generated by and part of my code and I could style at my will. Do I have to copy paste the LoginController and the Auth.gsp in my app in order to customize the view or is there a better preferred way?

Thanks in advance.

2
authenticationgrailsspring-securitygrails-2.0grails-plugin

2 Answers

3
votes

The authentication mechanism in Spring Security works by keeping track of a referral URL when the login page is shown. And then redirecting to this page on a successful login. If you want the login page to be the first page people see just make the root view require authentication. I'm assuming most, if not all, of your application requires authentication. If this is the case, you don't need to make the login page the root view. Assuming everything under /home/* is locked down then Spring Security will detect that and immediately redirect to the login page when any of the secured pages are requested.

Long story short, you're making it harder than it needs to be.

As to your second question, I do believe you just need to create your own versions of those files in your app to customize them.

1
votes

Hey I'm not pretty sure about your problem but you can try making the default login url /login/auth by 

grails.plugin.springsecurity.auth.loginFormUrl = '/login/auth'