I am using the new Grails Spring Security Core 2.0 plugin and am wondering how i can customize the login view and the LoginController/LogoutController?
The previous versions of the plugin generated these files but now it seems that I have to copy them from the plugin to my project. Is this the correct approach?
And if so, can I put the copied controllers and views into another package then the original ones. IntelliJ seems to dislike having the same artifacts in the same package.
By default in version 2.0 logouts are only allowed via POST requests. To change this to allow GET requests add the following to your Config.groovy file.
grails.plugin.springsecurity.logout.postOnly = false
Once you have that set you can link directly to logout controller in order to logout
<g:link controller="logout">logout</g:link>
If you want to find more info on what else was changed in version 2 look to the What's New in Version 2.0 documentation
Another option would be to use a remote link which by default uses the "post" method
<g:remoteLink class="logout" controller="logout">${message(code: 'springSecurity.logout.link')}</g:remoteLink>
I don't think any of the above answers actually answer the question.
If you want to override the controllers and the views in your web-app then yes copy them up into your web-app. You can even give them a different package hierarchy if you wish as the spring-security-core plugin seems to reference them by URL and yours would replace them.
This works because controllers and views declared in the main web-app take precedence over those that are in the plugins.
However if you are doing this in another plugin thats when things get a bit tricky. See this questiona and answer for a solution to that problem
Related
I would like to customize the spring boot admin ui to put some custom urls for healthcheck.I didn't find any examples on altering the UI like adding some tabs or putting some urls etx.
I found some documentation under http://codecentric.github.io/spring-boot-admin/current/ but it wasn't helpfull.
Any help on this would be really appreciated
Spring boot admin uses vue.js for frontend.
It is possible to add custom views to the ui. The views must be implemented as Vue.js components.
The JavaScript-Bundle and CSS-Stylesheet must be placed on the classpath at /META-INF/spring-boot-admin-server-ui/extensions/{name}/ so the server can pick them up. The spring-boot-admin-sample-custom-ui module contains a sample which has the necessary maven setup to build such a module.
The custom extension registers itself by calling SBA.use() and need to expose a install() function, which is called by the ui when setting up the routes. The install() function receives the following parameters in order to register views and/or callbacks:
I have a User entity and apart from default fields/methods (I took the whole content from grails docs) I added fields like address, number etc. (Strings).
Now I rebuilded the whole project, deployed and I still don't see those in Spring Security Management Console.
How to force Spring Security Management Console to show my custom User fields?
I'm going to assume a couple of things when authoring this answer:
What you meant by the first part of the question is that you have added fields to the User domain class that was generated by the Spring Security Plugin
You are speaking of the Spring Security UI Plugin when you say "Management Console"
With those two assumptions in mind, you need to take a look at this documentation. Simply adding the fields to the Domain class will not affect the UI plugin, as the plugin has pre-defined views and controllers for dealing with the default fields in the domain object.
You need to "override" these views and controllers to support your new fields. From the sounds of it, running this script should "extract" the views and controller you need:
grails s2ui-override user <controller_package>
Where the controller_package is the package you would like the new UserController class to be a part of.
We have several in-house developed application in Groovy/Grails and use a shared plugin containing code that is common to all applications. We're needing more advanced authentication (LDAP, CAS, etc.) so it's time to implement the Spring Security plugin. I've been doing a bunch of reading on it, but I'm stuck at something as simple as changing the URLs and GSP pages that are used for the login and logout. I'm assuming that we'll also need a custom controller to make these changes.
In a normal situation where an application is using the Spring Security plugin, changing the default controller and/or GSPs seems to be as easy as just creating a file with the same name and location as the original files (since application files override plugin files). However, we're including the Spring Security plugin in our shared plugin which then is included in the application ... so unless it's possible to have one plugin override another plugins files this sort of solution doesn't seem to work here.
What would be the correct approach for overriding the default login/logout pages, url, and possibly controllers being used?
The controllers and GSPs are part of the plugin in 2.0. If you want to customize them copy them from the installed plugin directory to your project in the same folders and make the changes there. App files always override plugin files because the plugins are compiled first, then the app, so the app's files take precedence.
This procedure worked successfully for me.
I've got a Spring MVC application and I've decided that I'd like to try using GWT for the front end. I'd like to continue using MVC as I'll also be using Spring Security and some other springy stuff.
I'm aware of the GWT-SL project, and I guess I'll use it. The documentation is light on examples unfortunately.
What I'm wondering now is.... how do I reconfigure my project so that I can use GWT? I'm assuming that I'll lose the ability to run in hosted mode, and I suppose that's ok. Do I just add the GWT and GWT-SL jars, reconfigure my web.xml, and add a package to my project for the GWT code?
I'm using Eclipse 3.4. My existing project is standard web project.
With the new version of the GWT plugin, you'd have all the benefits of the hosted mode browser without having to modify any options. The GWTHandler from the GWT-SL will take care of your rpc call mapping. However, you will have a problem with your existing domain objects structure. You will either have to put them in GWT's 'client' package, or mirror your existing domain objects to enable them to be compiled to javascript. I have been looking for a stable non-invasive framework for doing this, but have yet to find one. Gilead looks promising, but you will have to extend its classes on your domain.
I have posted a view month ago my simple project (3 classes) how to integrate GWT with existing Spring MVC application. Simple sample also provided.
Try it, it is clear and simple: http://code.google.com/p/gspring.
You won't lose hosted mode. I don't know if you're using the internal server for that - I use -noserver so I can't help you there.
Other than that, I guess the documentation is quite clear. Have you hit any specific problems?
I have a project with the following setup:
Tomcat 6.x
Struts 2.1.6
DisplayTag 1.2
Spring 2.x (1 or 5, don't remember now)
I want to know to to do session controlling in every action of my app, like if the users weren't logged in, they're redirect to certain page to login (in the case of my project, either the user come to a special crafted url like login/SPECIALHASHTOLOGIN or won't enter at all.
Need more details?
Thx in advance.
I'm still new to S2 as well, but I believe what you will need to do is modify the default interceptor stack (or create a custom stack) and add a custom interceptor. This custom interceptor will need to implement SessionAware to access the user session, and must implement your custom logic (which action to redirect to, which URLs do not need protection, etc.).
Here is a good tutorial of a LoginInterceptor that behaves similar to what you are requesting.
Acegi security is a great way to add security to your web app if you're already using Spring. Here's a decent 1-hour Acegi tutorial.