I am new to Grails. I started a new project from scratch and added Spring Security Core for authentication and authorisation (I am using GGTS as a tool). My problem is that if I start using Requestmap, it does not work at all, even though I am following the instructions I have found all around the net. Here are my configurations.
Buildconfig.groovy:
compile ':spring-security-core:2.0-RC4'
Command I used to create default objects
s2-quickstart com.company.foobar User Privilege Requestmap
Config.groovy
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
grails.plugin.springsecurity.logout.postOnly = false
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.company.foobar.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.company.foobar.UserPrivilege'
grails.plugin.springsecurity.authority.className = 'com.company.foobar.Privilege'
grails.plugin.springsecurity.requestMap.className = 'com.company.foobar.Requestmap'
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.Requestmap
//**** I have tried both above and below (below is default one).
grails.plugin.springsecurity.securityConfigType = 'Requestmap'
BootStrap.groovy
for (String url in [
        '/', '/index', '/index.gsp', '/**/favicon.ico',
        '/assets/**', '/**/js/**', '/**/css/**', '/**/images/**',
        '/login', '/login.*', '/login/**',
        '/logout', '/logout.*', '/logout/**']) {
    new Requestmap(url: url, configAttribute: 'ROLE_ANONYMOUS').save()
}
// I have tried both these (above and below)
// I have tried configuration attribute as
// IS_AUTHENTICATED_ANONYMOUSLY, permitAll
// and ROLE_ANONYMOUS (and few others too)
new Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_ANONYMOUSLY').save();
new Requestmap(url: '/logout/**', configAttribute: 'ROLE_ANONYMOUS').save();
new Requestmap(url: '/login/**', configAttribute: 'ROLE_ANONYMOUS').save()
new Requestmap(url: '/index/**', configAttribute: 'ROLE_ANONYMOUS').save();
Note: DB gets populated correctly.
The thing is that the DB gets populated correctly, but I get these errors:
hierarchicalroles.RoleHierarchyImpl setHierarchy() - The following role hierarchy was set:
intercept.FilterSecurityInterceptor Validated configuration attributes
web.DefaultSecurityFilterChain Creating filter chain: Ant [pattern='/**'], [org.springframework.security.web.context.SecurityContextPersistenceFilter@7f4446e0, grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter@5b895d66, grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter@1753027d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4ac86881, grails.plugin.springsecurity.web.filter.GrailsRememberMeAuthenticationFilter@2b451382, grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter@4403d1ff, org.springframework.security.web.access.ExceptionTranslationFilter@56cfdf3b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6948c703]
|Server running. Browse to http://localhost:8080/foobar
....matcher.AntPathRequestMatcher Request '/index.gsp' matched by universal pattern '/**'
web.FilterChainProxy /index.gsp at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
context.HttpSessionSecurityContextRepository No HttpSession currently exists
context.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
web.FilterChainProxy /index.gsp at position 2 of 8 in additional filter chain; firing Filter: 'MutableLogoutFilter'
web.FilterChainProxy /index.gsp at position 3 of 8 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
web.FilterChainProxy /index.gsp at position 5 of 8 in additional filter chain; firing Filter: 'GrailsRememberMeAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 6 of 8 in additional filter chain; firing Filter: 'GrailsAnonymousAuthenticationFilter'
web.FilterChainProxy /index.gsp at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
web.FilterChainProxy /index.gsp at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
intercept.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /index.gsp; Attributes: [_DENY_]
intercept.FilterSecurityInterceptor Previously Authenticated: grails.plugin.springsecurity.authentication.GrailsAnonymousAuthenticationToken@dc4337e: Principal: org.springframework.security.core.userdetails.User@dc730200: Username: __grails.anonymous.user__; Password: [PROTECTED]; Enabled: false; AccountNonExpired: false; credentialsNonExpired: false; AccountNonLocked: false; Granted Authorities: ROLE_ANONYMOUS; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
hierarchicalroles.RoleHierarchyImpl getReachableGrantedAuthorities() - From the roles [ROLE_ANONYMOUS] one can reach [ROLE_ANONYMOUS] in zero or more steps.
access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:47)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/foobar/]
access.ExceptionTranslationFilter Calling Authentication entry point.
web.DefaultRedirectStrategy Redirecting to 'http://localhost:8080/foobar/login/auth'
After this I get a looping error from the browser (it tries and tries to load the login/auth page, getting the same answer all the time). I have checked answers on Stack Overflow, but my configs are like in those answers, and it still isn't helping.
I have checked this, it's not helping me: "Grails spring security fails to present the login page due to a redirect loop" (I have configuration like in the answer above).
What works
If I take out the request map and use static definitions in Config.groovy, everything works like a charm, but I need to use the DB for configuration (to go further from there).
ROLE_ANONYMOUS
(I'll be adding a check for 2.0 final to throw an error if it's explicitly used like this). It's a special quasi-fake role that's only supposed to be used for the anonymous user that the plugin creates if you're not logged in. You won't have it when you authenticate, so if it's the only required role you can't access anything after logging in. – Burt Beckwith
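
The effect described in the comment above, together with the `Attributes: [_DENY_]` line in the question's log, as an added example (not part of the original post and not the plugin's code): a simplified Python model of the URL access decision. The function names, the `ROLE_USER` authority and the rule lists are assumptions made for illustration, and only exact paths and a trailing `/**` are matched.

```python
# Simplified model (an assumption, not the plugin's code) of the URL access
# decision; patterns are limited to exact paths and a trailing "/**".
DENY = "_DENY_"            # attribute shown in the log for /index.gsp
LOGIN_URL = "/login/auth"  # redirect target from the log, without context path
OPEN = {"permitAll", "IS_AUTHENTICATED_ANONYMOUSLY"}  # satisfied by any caller

def matches(pattern, url):
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return url == prefix or url.startswith(prefix + "/")
    return pattern == url

def config_attribute(rules, url, reject_if_no_rule=True):
    """Return the attribute of the first matching rule, or _DENY_ if none."""
    for pattern, attribute in rules:
        if matches(pattern, url):
            return attribute
    return DENY if reject_if_no_rule else None

def allowed(rules, url, authorities, reject_if_no_rule=True):
    attribute = config_attribute(rules, url, reject_if_no_rule)
    if attribute is None or attribute in OPEN:
        return True
    # A ROLE_* rule passes only if the caller holds that authority;
    # _DENY_ is held by nobody, so it always fails.
    return attribute in authorities

def outcome(rules, url, authorities):
    """'allowed', 'denied', 'login' or 'redirect loop' for one request."""
    if allowed(rules, url, authorities):
        return "allowed"
    if "ROLE_ANONYMOUS" not in authorities:
        return "denied"  # logged-in user: access denied, no login redirect
    # Anonymous caller is sent to the login page; if that is denied too,
    # the browser is redirected to it again and again.
    return "login" if allowed(rules, LOGIN_URL, authorities) else "redirect loop"

ANONYMOUS = {"ROLE_ANONYMOUS"}   # constructed sample principals
LOGGED_IN = {"ROLE_USER"}        # hypothetical role of an authenticated user
ROLE_RULES = [("/index.gsp", "ROLE_ANONYMOUS"), ("/login/**", "ROLE_ANONYMOUS")]
OPEN_RULES = [(p, "IS_AUTHENTICATED_ANONYMOUSLY") for p, _ in ROLE_RULES]

if __name__ == "__main__":
    for name, rules in [("no rule applied", []), ("ROLE_ANONYMOUS", ROLE_RULES),
                        ("IS_AUTHENTICATED_ANONYMOUSLY", OPEN_RULES)]:
        print(name, outcome(rules, "/index.gsp", ANONYMOUS),
              outcome(rules, "/index.gsp", LOGGED_IN))
```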