Grails Spring Security UI, User and Role Management Access

I installed spring-security-core and spring-security-ui. Also added testosterol as an admin.

When I run the application, I get a list of all the controllers. The login controller worked with username and password, but when you press another controller, it says

'Sorry, you do not have permission to view this page.'

Do I need to add any other role in order to access the user interface of the user and the role?

Plugin versions:

    compile ':spring-security-core:2.0-RC2'
    compile ":spring-security-ui:1.0-RC1"

Accessing this URL: //127.0.0.1:8080/sec-test/role/search

Here is my screen after login.

+7
spring-security grails
7 answers

First create your roles and test the user in BootStrap.groovy:

    import springsecurity.User
    import springsecurity.Role
    import springsecurity.UserRole

    class BootStrap {

        def init = { servletContext ->
            // Create the two roles
            def adminRole = new Role(authority: 'ROLE_ADMIN').save(flush: true)
            def userRole = new Role(authority: 'ROLE_USER').save(flush: true)

            // Create the test user and grant it ROLE_ADMIN
            def testUser = new User(username: 'testusername', password: '1234')
            testUser.save(flush: true)
            UserRole.create testUser, adminRole, true

            assert User.count() == 1
            assert Role.count() == 2
            assert UserRole.count() == 1
        }

        def destroy = {
        }
    }

Then redefine as suggested:

    grails s2ui-override auth
    grails s2ui-override layout
    grails s2ui-override user package.name
    grails s2ui-override role package.name

Finally, add secure annotations to your controllers, i.e.:

    package springsecurity

    import grails.plugin.springsecurity.annotation.Secured

    @Secured(['ROLE_ADMIN'])
    class RoleController extends grails.plugin.springsecurity.ui.RoleController {
    }

+6

The best way is to do anonymous registration according to these instructions:

    grails s2ui-override auth
    grails s2ui-override layout
    grails s2ui-override user com.myApp
    grails s2ui-override role com.myApp
    grails s2ui-override register com.myApp

And add this to the registration controller:

    import grails.plugin.springsecurity.annotation.Secured

    @Secured(['ROLE_ANONYMOUS'])
    class RegisterController extends grails.plugin.springsecurity.ui.RegisterController {
    }

+4

By default, Grails uses a pessimistic approach to block URLs, which means that it displays the same message “Sorry you are not authorized to view this URL” unless that URL is explicitly whitelisted. In addition to adding @Secured to your controller, you can also add the following URL to your config/conf.groovy file and whitelist it:

    '/action': ['ROLE_ADMIN']

'/action' = URL of your action. It can also use wildcards, for example:

    '/**/css/**': ['permitAll']

['ROLE_ADMIN'] = role that can access the URL

+2

After installing the plugins, I need to run this s2ui override to create the controllers in the application

    grails s2ui-override auth
    grails s2ui-override layout
    grails s2ui-override user com.myApp
    grails s2ui-override role com.myApp

This page has been completely filled.

http://ajibrans.wordpress.com/2012/02/04/spring-security-plugin-with-grails-1-3-7/

+1

As mentioned above, the plugin has changed to a pessimistic lock, so anything without a certain level of security will throw out the "Sorry, you are not authorized to view this page." message.

Other answers already said that you can just use the s2ui-override script to generate all the controllers and add the @Secured annotation:

    grails s2ui-override user com.myApp
    grails s2ui-override role com.myApp

Then edit to add:

    import grails.plugin.springsecurity.annotation.Secured

    @Secured(['ROLE_ADMIN'])
    class UserController ...

But instead of creating empty controllers, you can simply modify the static rule file in Config.groovy.

    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/': ['permitAll'],
        '/**/css/**': ['permitAll'],
        '/**/images/**': ['permitAll'],
        <snip>
        '/register/**': ['permitAll'],
        '/user/**': ['ROLE_ADMIN'],
        '/role/**': ['ROLE_ADMIN'],

Adding these three lines will allow the register controller to be accessible to all, and user and role controllers are available only to ROLE_ADMIN users.

+1

User role mapping is done in the UserController.

 URL - http://127.0.0.1:8080/sec-test/user 
0

In config.groovy:

    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/': ['permitAll'],
        '/**': ['permitAll'],
        '/index': ['permitAll'],
        '/user/search': ['permitAll'],
        '/plugins/jquery-ui-1.10.3/**': ['permitAll'],
        '/index.gsp': ['permitAll'],
        '/assets/**': ['permitAll'],
        '/**/js/**': ['permitAll'],
        '/**/css/**': ['permitAll'],
        '/**/images/**': ['permitAll'],
        '/**/favicon.ico': ['permitAll']
    ]

This allows you to provide access to all of these .. you can also manually configure it.

0
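
An added example, not code from any of the posts or from the plugin: a small Python audit of a staticRules-style map under the deny-by-default behaviour the answers describe, run on rule sets constructed from the snippets quoted above. The matcher is a simplified Ant-style matcher, and `ant_match`, `audit` and the rule-set names are this example's own; it reports a path as open if any matching pattern admits anonymous callers and does not model which rule the plugin itself would pick.

```python
import re

# Tokens treated as "anyone may call this URL" (assumption of this example).
OPEN = {"permitAll", "IS_AUTHENTICATED_ANONYMOUSLY", "ROLE_ANONYMOUS"}

def _seg_ok(pat, seg):
    # Within one path segment: '*' = any run of characters, '?' = one character.
    rx = "".join("[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c) for c in pat)
    return re.fullmatch(rx, seg) is not None

def ant_match(pattern, path):
    """Simplified Ant-style match: '**' spans zero or more whole segments."""
    def walk(pats, segs):
        if not pats:
            return not segs
        if pats[0] == "**":
            return any(walk(pats[1:], segs[i:]) for i in range(len(segs) + 1))
        return bool(segs) and _seg_ok(pats[0], segs[0]) and walk(pats[1:], segs[1:])
    split = lambda s: [p for p in s.split("/") if p]
    return walk(split(pattern), split(path))

def audit(rules, path):
    """Classify a path (relative to the context path) against a staticRules-style map.
    Conservative: 'open' if ANY matching pattern admits anonymous callers."""
    hits = {p: a for p, a in rules.items() if ant_match(p, path)}
    if not hits:
        return ("denied", [])  # no rule at all: deny-by-default lockdown
    open_by = sorted(p for p, a in hits.items() if OPEN & set(a))
    if open_by:
        return ("open", open_by)
    return ("restricted", sorted({r for a in hits.values() for r in a}))

# Rule sets constructed from the snippets quoted in the answers on this page.
BASE = {"/": ["permitAll"], "/**/css/**": ["permitAll"], "/**/images/**": ["permitAll"]}
WITH_ADMIN = dict(BASE, **{"/register/**": ["permitAll"],
                           "/user/**": ["ROLE_ADMIN"], "/role/**": ["ROLE_ADMIN"]})
WITH_CATCH_ALL = dict(BASE, **{"/**": ["permitAll"], "/user/search": ["permitAll"]})

if __name__ == "__main__":
    for name, rules in [("base", BASE), ("admin rules", WITH_ADMIN), ("catch-all", WITH_CATCH_ALL)]:
        for path in ["/role/search", "/user/search", "/register/index"]:
            print(f"{name:12} {path:16} -> {audit(rules, path)}")
```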