1

I would like to check whether the user is logged in or not. I have integrated an interceptor in most of the projects to check if the user is logged in. But this does not work well with AJAX requests, and matching all the controllers in the interceptor causes the filter to be applied to all controllers, including /static/**, in which case I will have to exclude it (`.excludes(uri: "/static/**")`). Is this the correct and standard way of doing it?

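```groovy
class LoginInterceptor {

    def springSecurityService  // injected by Grails

    LoginInterceptor() {
        // Apply to every request except the login/sign-up controllers and static resources
        matchAll()
                .excludes(controller: "login")
                .excludes(controller: "signUp")
                .excludes(uri: "/static/**")
                .excludes(uri: "/assets/**")
    }

    boolean before() {
        // Unauthenticated requests are redirected to the login page
        if (!springSecurityService.isLoggedIn()) {
            flash.message = "You need to login to access further pages"
            redirect(controller: 'login', action: 'auth')
            return false
        }
        true
    }

    boolean after() { true }

    void afterView() {
        // no-op
    }
}
```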

The above code does not work with AJAX requests. How do I make a generic interceptor which works well with both AJAX and web requests? And is this a standard way of monitoring requests for whether the user is logged in?

ujjwol shrestha
  • What do you mean by `does-not work well`? Are you getting an error or an unexpected result? Can you say what the exact problem is? – devbd Dec 10 '17 at 05:45
  • @devbd First, the AJAX requests are for JSON, so how will my interceptor redirect to the auth page? Second, when I apply the interceptor with matchAll(), it will filter /static/** as well, and I think this is not a proper solution for checking if the user is logged in or not. – ujjwol shrestha Dec 10 '17 at 05:49
  • You have to handle `redirect` along with the Ajax request in your JS code. Then check if you have any URL that matches exactly `/static/**`. I don't think you have a URL exactly like `/static/**`. – devbd Dec 10 '17 at 05:54
  • /static/** is the URL for /src/main/webapp/ in Grails 3+ – ujjwol shrestha Dec 10 '17 at 05:56
  • `/static/**` is a `pattern`, not a direct URL. – devbd Dec 10 '17 at 05:57
  • See my answer to this question (https://stackoverflow.com/questions/35853996/grails-isnt-responding-with-a-401-during-ajax-request-and-timed-out-session/35854255#35854255) it may point you in the right direction. – Joshua Moore Dec 10 '17 at 17:45
  • "/static/** is the url for /src/main/webapp/ in grails 3+" - Is that true by default? – Jeff Scott Brown Jul 05 '22 at 14:05

2 Answers

1

If you use the Spring Security plugin, you can do it by configuring the security config. You can find more here

For AJAX requests you can check the return code, and if it is == 403, you can redirect the user to the login page.

Koloritnij
  • For AJAX requests: 403 is for a page without permission. My ajax request to ----> POSTXHR http://localhost:8080/home/index2 get me -------> [HTTP/1.1 302 Found 4ms] GETXHR http://localhost:8080/login/authAjax – ujjwol shrestha Dec 11 '17 at 16:44
  • @ujjwolshrestha So it redirects you to login/authAjax, am I right? You can look at the 'adh.ajaxErrorPage' property in the docs. Maybe it will help you. – Koloritnij Jan 15 '18 at 11:53
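
The client-side check described in the answer above, as an added example that is not part of the original posts. It also covers the case from the comments where the XHR gets a 302 to /login/authAjax, which the browser follows silently so the caller sees a 200. The paths come from the thread; the function names and the `deps` parameter are hypothetical.

```javascript
// Added example, not code from the question or the answers.
const LOGIN_PAGE = '/login/auth';            // redirect target in the question's interceptor
const LOGIN_PATHS = ['/login/auth', '/login/authAjax']; // authAjax: 302 target seen in the comments

// Classify a fetch() Response (or any object with status/redirected/url).
// Returns 'login' when the user must authenticate again, otherwise 'ok'.
function classifyResponse(res, loginStatuses = [401, 403]) {
  // The server answered the XHR with an explicit status code.
  // 403 is in the default list because the answer checks for it; pass [401]
  // if the server uses 403 only for logged-in users without permission.
  if (loginStatuses.includes(res.status)) return 'login';

  // The browser followed a redirect on its own: the status is now 200,
  // but the final URL is the login page, not the endpoint that was called.
  if (res.redirected) {
    const path = new URL(res.url, 'http://placeholder.invalid').pathname;
    // endsWith tolerates an application context path in front of /login/...
    if (LOGIN_PATHS.some((p) => path.endsWith(p))) return 'login';
  }
  return 'ok';
}

// Wrapper for JSON calls: sends the conventional AJAX marker header and
// moves the whole page to the login form when the session is gone.
// deps.fetch / deps.navigate are assumptions that allow use outside a browser.
async function ajaxJson(url, options = {}, deps = {}) {
  const fetchImpl = deps.fetch || globalThis.fetch;
  const navigate = deps.navigate || ((target) => window.location.assign(target));
  const headers = {
    Accept: 'application/json',
    'X-Requested-With': 'XMLHttpRequest',
    ...options.headers,
  };
  const res = await fetchImpl(url, { credentials: 'same-origin', ...options, headers });
  if (classifyResponse(res) === 'login') {
    navigate(LOGIN_PAGE); // a JSON caller cannot render the login form itself
    return null;
  }
  return res.json();
}
```
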
0

When working on my project, I found the following way to check the log-in status.

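```groovy
def springSecurityService
def userService  // the answer's own service, injected like springSecurityService

boolean canEdit() {
    // Anonymous users can never edit
    boolean isLoggedIn = springSecurityService.isLoggedIn()
    if (!isLoggedIn) { return false }
    // Logged-in users need the curator or admin role
    boolean hasAdminOrCuratorRole = userService.isLoggedInUserACurator() || userService.isLoggedInUserAAdmin()
    hasAdminOrCuratorRole
}
```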

Hope this helps!

Tung