Grails Spring Security Plugin - login form redirected to ajaxAuth

I have a Grails application that uses the Grails Spring Security 2.0.RC-5 plugin. Say I have two tabs open. In the first, I have just logged out of the application. Then, in the second, I click a button that makes an AJAX call to the application.

Since I logged out, the entry point will be LoginController.authAjax. The default code generated by the plugin in this method is

response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
response.sendError HttpServletResponse.SC_UNAUTHORIZED

I get 401 on my ajax call and everything is fine. The problem is that now, if I go back to the login page and resubmit the login form, I will be redirected to the method LoginController.authAjax.

The code in this method is

render([success: true, username: springSecurityService.authentication.name] as JSON)

This, in turn, does not redirect me to the toolbar page in the application, but displays {"success":true,"username":"user1"}

Obviously, this is not the intended behavior. How to fix it? Thank you.

+4

1 answer

This is the default behavior of the Spring Security Core plugin: when you are logged out and try to access a secured URL, it saves that URL in the session and redirects you back to the same URL after a successful login, so that the user does not have to manually go to the originally requested page.

If you want to permanently disable this behavior, you can specify the following configuration in your own Config.groovy:

grails.plugin.springsecurity.successHandler.alwaysUseDefault = true

http://grails-plugins.imtqy.com/grails-spring-security-core/guide/urlProperties.html

authAjax:

def authAjax() {
    if (request.xhr) {  // For any AJAX request or any condition you want
        session["SPRING_SECURITY_SAVED_REQUEST"] = null
    }
}
+2
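To compare the two fixes from the answer side by side, here is an added example (not part of the original answer and not the plugin's own code): a simplified Groovy model of the saved-request flow. The session key is the one used in the answer; the URLs, closure names and the `/dashboard` default target are constructed for illustration.

```groovy
// Simplified model of the saved-request flow; these are not the plugin's classes.
def SAVED_KEY = 'SPRING_SECURITY_SAVED_REQUEST'   // session key from the answer
def DEFAULT_TARGET = '/dashboard'                 // constructed default target URL

// Unauthenticated request to a secured URL: the URL is remembered in the
// session, then the AJAX or the form login entry point answers.
def denyAccess = { Map session, String url, boolean xhr, boolean clearForXhr ->
    session[SAVED_KEY] = url
    if (xhr) {
        // The authAjax change from the answer: forget the URL for AJAX requests
        if (clearForXhr) session[SAVED_KEY] = null
        return 401
    }
    return 302   // redirect to the login form
}

// After a successful login: choose where the user is sent.
def targetAfterLogin = { Map session, boolean alwaysUseDefault ->
    def saved = session.remove(SAVED_KEY)
    (alwaysUseDefault || !saved) ? DEFAULT_TARGET : saved
}

// One full round trip: denied request, then login.
def run = { String url, boolean xhr, boolean clearForXhr, boolean alwaysUseDefault ->
    def session = [:]
    denyAccess(session, url, xhr, clearForXhr)
    targetAfterLogin(session, alwaysUseDefault)
}

// Default behaviour: the AJAX URL becomes the post-login target (the reported problem).
assert run('/report/data', true, false, false) == '/report/data'

// alwaysUseDefault = true: the AJAX case is fixed, but a page the user
// actually wanted to open is no longer restored either.
assert run('/report/data', true, false, true) == '/dashboard'
assert run('/orders/42', false, false, true) == '/dashboard'

// Clearing the key in authAjax: only the AJAX URL is dropped, ordinary
// page requests are still restored after login.
assert run('/report/data', true, true, false) == '/dashboard'
assert run('/orders/42', false, true, false) == '/orders/42'

println 'all scenarios behave as described'
```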

Source: https://habr.com/ru/post/1608949/