I'm using spring security in a grails app and when a login fails it always redirects to "login/authfail?ajax=true" and a json is rendered.
I even tried to redefine the 'ajaxAuthFailUrl' to be the same as 'defaultFailureUrl', but even though it redirects to '/login/authfail?login_error=1' I still getting the same json.
I dig the spring plugin to see why it 'thinks' it's an ajax request. Then on 'SpringSecurityService.java' I put some debug messages on 'isAjax' method. The result was, first of all, it calls 'isAjax' 2 times in a row. And the request is considered an ajax for different reasons:
there is a header 'ajaxHeader'
there is an ajax parameter on the request
and finally when it checks the SavedRequest's headers, it also finds it to be an ajax call.
I confess I'm lost, I don't have a clue about how to try to fix it...
I'm using:
Grails 2.3.8
spring-security-core:2.0-RC4
runtime ':spring-security-acl:2.0-RC1'
and I have a custom authentication handler that is set on BootStrap:
authenticationProcessingFilter.authenticationSuccessHandler = new MyUrlAuthenticationSuccessHandler()
Related
I'm having a pretty weird problem with CORS on a webapp I'm trying to make
I'm using Servlets (Tomcat8.0) for the backend. It's a school project, so I can't use a framework
A GET request to http://localhost:8080/FileBox/dashboard
returns a JSON payload( plain json, not jsonp,which I could use, but its the same domain). I'm using ajax to make the XHR, but it's being blocked by chrome as CORS
Should this be happening, since I'm making the XHR from the same domain(host+port)
'localhost:8080/FileBox/dashboard.jsp'
to
'localhost:8080/FileBox/dashboard'
Please, and thank you for the help!
You aren't making a request to http://localhost:8080/FileBox/dashboard. The error message says you are making a cross-origin request using an unsupported scheme and that http is a supported scheme.
Presumably you have made the two mistakes of:
Getting the URL wrong
You should be using a relative URL:
/FileBox/dashboard
but are trying to use an absolute URL:
http://localhost:8080/FileBox/dashboard
but have typed it wrong and are actually requesting
localhost:8080/FileBox/dashboard
Not loading the page over HTTP to start with
Possibly by double clicking the file in your system file manager, you have bypassed your HTTP server and are loading something like file:///c:/users/you/yourproject/index.html
Combined with the previous mistake, you end up trying to request file:///c:/users/you/yourproject/localhost:8080/FileBox/dashboard, with Ajax and get a security violation.
Solution
Fix the URL to be a proper relative URL
Point your browser at http://localhost:8080 instead of double clicking files in your file manager
We have a JSF 2.2 application using PrimeFaces.
Now, when an error occurs, I check for an AJAX request and deliver a partial response (as shown in BalusC's anwer to this question).
But what is, if there's no server anymore to handle the error, e.g. due to connection loss? At the moment, just nothing happens, leaving the user puzzled.
I found a hint in that question, which works, but I'd like to solve this in a general way, so that all AJAX calls which fail try to redirect to the start page - and then may receive the browser connection error message.
For standard JSF ajax, use jsf.ajax.addOnError() to set the default error handler. E.g.
jsf.ajax.addOnError(function(data) {
alert(data.responseText);
});
See also chapter 13.3.6.2 of the JSF 2.2 spec. You can find all properties of data object in table 14-4 of the JSF spec.
For PrimeFaces 4+, hook pfAjaxError event in jQuery (before 4, just use ajaxError). E.g.
$(document).on("pfAjaxError", function(event, xhr, options) {
alert(xhr.responseText);
});
Just customize it accordingly to show some div in top.
I have this simple page that just needs to show contents that is loaded from an external url (ajax request, response in json format)
I should say I'm a AngularJS newbie.
I've googled a bunch and found different ways of doing this and couldn't manage to determine which is the correct/simple/up-to-date way to achieve this.
My 2 challenges -
Making the AJAX request run on startup (I can load the page before that happens and just load the contents one the ajax request finishes. Maybe show a 'Loading..' indicator)
Doing a ajax request correctly.
Here is my attempt. I know that the ajax request is never made because its not setup correctly.
You are getting into .error function:
http://jsbin.com/oDUsuVA/3/edit
For jsonp your response should be something like:
callback([
{
"title":"License Title 1",
"licenseUrl":"http://cnn.com",
"licenseText": " test"
}]);
Edit:
You can simply do .get() request too, but if you had to use jsonp request interface, you would have to correct response.
A Jsonp request always wraps the logic into a json callback wrapper function.
I just did $http.get instead of your $http.jsonp and it did work for me.
I'm evaluating Canoo Webtest for automated integration/functional testing as a Grails plugin.
I have a REST app which I'm attempting to test, but Canoo Webtest doesn't seem to properly send the JSON data in POST request. My test code is like below
invoke( description:"Add a product to shopping cart",
url:'shoppingCart/add', method:'POST',
content:'{"class":"shop.service.Product", "name":"A product", "description":"Manufactured by X", "price":99.9}'
//contentFile: '../product.json'
)
The request body is empty no matter whether I use contentFile approach or inline the data as content attribute. The test report shows the data as being sent correctly, but error page shows an error stating 'JSONException: Missing value. at character 0 of '. JSON data as a response of GET request is coming back fine.
I have tested the same functionality with curl and it works perfectly fine. Is there something I'm missing in the Canoo Webtest setup?
Thanks.
EDIT: I'm using Grails 1.3.7 in case that makes any difference
OK. I started to just experiment with the invoke() and seems that setting attribute soapAction value to true does the trick.
I have no clue why this works. The documentation of invoke() for the attribute says
soapAction
Required? no
If the HTTP method is POST and is in fact a SOAP POST request,
this allows the SOAP Action header to be set. Ignored for GETs.
Apparently it sets some needed request header. Haven't checked which one.
Thank you for reading :)
Cannot yet mark this answer as the correct one, but will do so when it's possible.
I want to take use of the ajax login feature of the spring security plugin.
I am completely stuck getting a JSON success response from the loginController into my GWT client.
As I understood from the documentation I need to post my params to the url /j_spring_security_check and spring security is redirecting me to the right action.
If I look into my LoginController I see nothing of the actual login logic and its a bit magic for me where all the login/db stuff is done. Further spring security always redirects to action auth instead of using AjaxAuth even if I add the header "X-Requested-With" to post. If I do my post to the url /login/ajaxAuth I am getting a 401 which is OK because its written down in the controller(even if i dont know why we need to return a 401 here). Maybe I am doing something completely wrong :-)
My basic questions are:
Where can I find the login logic?
What parameter do I have to provide?
Which URL do I have to use?
What do I have to do if I dont want to use the username but instead and email field?
Thanks for all your help!
Looks like you're correctly implemented it, maybe there some small bug, like a typo.
Btw:
It's implemented at filter, that process your request before actual controllers. At your case it will be UsernamePasswordAuthenticationFilter (or RequestHolderAuthenticationFilter). Controller is used there only to render an additional data. As for ajax auth, it uses /login/ajaxSuccess, that renders a JSON response
By default it uses j_username & j_password. And you can use ajax=true parameter, instead of X-Request-With header
/j_spring_security_check by default
You can implement your own GrailsUserDetailsService (or extend GormUserDetailsService), and setup it as a spring bean, with name userDetailsService, at resources.xml
You can also turn on logging for Spring Security by:
log4j {
debug 'org.codehaus.groovy.grails.plugins.springsecurity',
'org.springframework.security'
}
maybe it will be helpful
I am using Grails 2.1.1 and ran into this same issue. Tried all the above things but still couldnt get my AJAX login to call the ajaxSuccess method.
However when it failed it was calling authFail?ajax=true.
After digging in more, here is what I did:
Added grails.plugins.springsecurity.successHandler.targetUrlParameter = 'ajaxUrl' in my Config.groovy
Added <input type="hidden" name="ajaxUrl" value="/login/ajaxSuccess" /> in my AJAX login form
Not sure why it fixed, but it seemed to work for me.
Just posting this solution for users who get stuck and come to this ticket for solution.