We are using a Grails 2.3.5 app with MongoDB (no Hibernate installed). I had forked and modified the Grails database session plugin, which uses HQL queries, to use simple queries so as to support MongoDB.

Then, when I try to log in via Ajax, it fails. By fail, I mean that the session is created and persisted to the database, but I am not able to log in. When I enabled the logs, I saw that the cookie is present in the request to the path /j_spring_security_check after authentication but is not available after the redirect, i.e. in the path /login/ajaxSuccess, which causes authentication to be treated as false and a new session to be created.

Our URL mapping config looks like this (it does not matter):

"/$controller/$action?/$id?(.$format)?" {
     constraints {
     }
}

"/v2/$customController/action/$customAction" {
    controller = {
        return params.customController?.toUpperCamelCase()
    }
    action = {
        return params.customAction?.toUpperCamelCase()
    }
}

"/v2/$resource/$resourceId?/$subResource?/$subResourceId?" {
    controller = {
        if (params.subResource) {
            return params.subResource.toUpperCamelCase()
        }
        return params.resource.toUpperCamelCase()
    }
    action = {
        Map actionMethodMap = [GET: params.resourceId ? "show" : "index", POST: "save", PUT: "update", DELETE: "delete"]
        return actionMethodMap[request.method.toUpperCase()]
    }
    id = {
        if (params.subResource && params.subResourceId) {
            return params.subResourceId
        }
        return params.resourceId
    }
}

Our configuration looks like this for spring security:

grails.plugins.springsecurity.authority.className = 'com.test.Role'
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.test.User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.test.UserRole'
grails.plugins.springsecurity.useSessionFixationPrevention = true

//grails.plugins.springsecurity.redirectStrategy.contextRelative = true
grails.plugins.springsecurity.successHandler.defaultTargetUrl = "/app/ng/index.html"
grails.plugins.springsecurity.auth.loginFormUrl = "/app/ng/index.html#/auth/signin"
grails.plugins.springsecurity.auth.ajaxLoginFormUrl = "/v2/login/action/auth-ajax"
grails.plugins.springsecurity.ui.encodePassword = false
grails.plugins.springsecurity.controllerAnnotations.staticRules = [
    '/j_spring_security_switch_user': ['ROLE_ADMIN'],
    '/ck/standard/filemanager':    ['ROLE_ADMIN'],
    '/ck/standard/uploader':    ['ROLE_ADMIN'],
    '/ck/ofm/filemanager':    ['ROLE_ADMIN'],
    '/ck/ofm/filetree':    ['ROLE_ADMIN'],
    '/quartz/**': ["ROLE_ADMIN"],
    '/**'          : ['IS_AUTHENTICATED_ANONYMOUSLY']
]

Other than this, the grails.serverURL config is commented out for all environments to support wildcard subdomains.

Using:

Spring Security Core plugin version 1.2.7.3
Cookie plugin version 0.51
Webxml plugin version 1.4.1
Mongodb plugin version 2.0.1

Shashank Agrawal