grails spring security login page display

1
votes

I'm using the spring security plugin in a Grails app. There are two reasons why the login page gets displayed

  1. The user navigated to it directly
  2. The user tried to access a page that is only available to logged-in users

In the case of (2) only, I want to display a message like "you attempted to access a page that requires login", but in the GSP code of the login page I can't find a way to distinguish between (1) and (2), is this possible?

2
grailsspring-securitygrails-plugin

2 Answers

1
votes

When you get redirected, Spring Security stores a SavedRequest in the session under the SPRING_SECURITY_SAVED_REQUEST_KEY key, so you could check for the existence of that in auth.gsp:

<g:if test='${session.SPRING_SECURITY_SAVED_REQUEST_KEY}'>
   // display "you attempted to access a page that requires login"
</g:if>
<g:else>
   // direct access to login
</g:else>
0
votes

You could change the url of of the various spring security configurations to point to a controller, and then have it branch based on info in the session. In a 1.3.7 project is did something like 

security {
  authenticationFailureUrl = '/logout/doLogout'
  afterLogoutUrl = '/logout/doLogout'
}

then had

class LogoutController {
   def doLogout = {
       def wasHere = session.getAttribute('some-attribute-you-set')
       if (wasHere) render view: 'requirelogin'
       else render view: 'normallogin'       
   }
}