I installed Spring Security Core in my Grails application and set it up using s2-quickstart. I want '/' to handle login and logout actions. For me, this means that a user who is not logged in is able to access only the root page and nothing else. Practically, everything except '/' should be blocked for users without the role 'ROLE_ADMIN'.
I added a login form on the root page and set the following configuration in Config.groovy:
grails.plugin.springsecurity.auth.loginFormUrl = '/'
grails.plugin.springsecurity.auth.ajaxLoginFormUrl = '/'
grails.plugin.springsecurity.failureHandler.defaultFailureUrl = '/'
grails.plugin.springsecurity.failureHandler.ajaxAuthFailUrl = '/'
grails.plugin.springsecurity.logout.postOnly = false
grails.plugin.springsecurity.userLookup.userDomainClassName = 'adminpanel.security.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'adminpanel.security.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'adminpanel.security.SecRole'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    '/': ['permitAll'],
    '/index': ['permitAll'],
    '/index.gsp': ['permitAll'],
    '/**/js/**': ['permitAll'],
    '/**/css/**': ['permitAll'],
    '/**/images/**': ['permitAll'],
    '/**/favicon.ico': ['permitAll']
]
I set @Secured(['ROLE_ADMIN']) on every controller of mine and added something like this to my index.gsp:
<head>
<sec:ifAllGranted roles="ROLE_ADMIN">
<meta name="layout" content="main"/>
</sec:ifAllGranted>
<sec:ifNotGranted roles="ROLE_ADMIN">
<meta name="layout" content="login"/>
</sec:ifNotGranted>
<title>Home Page - Admin Panel</title>
</head>
There are two problems:
1. The configuration works as I expected, but when I type in the browser: localhost:8080/AdminPanel/login/auth the page still exists and I can access it even as a logged-out user. I want to remove this URL completely; neither a logged-in nor a logged-out user should be able to access it.
2. Even if the user is logged out, the /login/auth view is rendered using the "main" layout, despite the fact that I have the code I mentioned above in my index.gsp, which should change the layout to "login". Why?
Thanks in advance!
/login/auth mapping, but to map / to the login page, you can add this line to UrlMappings:
"/"(controller: "login", action: "auth")
For #2, the default SpringSec login/auth.gsp view applies the main layout. – Andrew
flash.message (no "s") by default. – Andrew