Requestmaps with "root url" like /** working?

gatherer
I would like to require my users to log in, redirecting them to the auth page if they haven't, so that they can't see anything if they are not authenticated. I tried it with a requestmap like:

Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED, ROLE_USER')

But it doesn't work: I can go to the index page and look at different pages without being redirected to the login page. I have other requestmaps working in specific controllers but not in the root url; I also tried with /* instead of /**.

Any ideas?
Is this the best way to require authentication?

Re: Requestmaps with "root url" like /** working?

Konstantinos Kostarellis

You could try the "Pessimistic Lockdown" approach described in http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/5%20Configuring%20Request%20Mappings%20to%20Secure%20URLs.html

Cheers,
   Kosta

On 24.01.2012 15:43, "gatherer" <[hidden email]> wrote:
I would like to require my users to login, redirecting them to the auth page
if they haven't so that they can't see anything if they are not
authenticated. I tried it with a requestmap like:

Requestmap(url: '/**', configAttribute: 'IS_AUTHENTICATED_REMEMBERED,
ROLE_USER')

But it doesn't work, I can go to the index page and look at different pages
without being redirected to the login page. I have other requestsmaps
working in specific controllers but not in the root url, I also tried with
/* instead of /**.

Any ideas?
Is this the best way to require authentication?

--
View this message in context: http://grails.1312388.n4.nabble.com/Requestmaps-with-root-url-like-working-tp4323919p4323919.html
Sent from the Grails - user mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email



Re: Requestmaps with "root url" like /** working?

gatherer
I had already thought about your solution. I set up pessimistic locking and a requestmap with "/login/**" and anonymous auth to allow users to log in. With this, users do get redirected to the login page, but once they have authenticated, due to the pessimistic locking they are always redirected back to the login page unless I set a requestmap to /**. And as the thread title says, I cannot get requestmaps with the root url working.

Re: Requestmaps with "root url" like /** working?

smakela
If you want them ALWAYS to authenticate, use IS_AUTHENTICATED_FULLY instead. Otherwise they can use the remember me cookie.

Re: Requestmaps with "root url" like /** working?

gatherer
I know this option but I trust users with the "remember me" cookie. The problem is that the requestmap doesn't work when applied to the root url /**.

Re: Requestmaps with "root url" like /** working?

Konstantinos Kostarellis
I created a very simple mini app to show off a different problem I have with requestmaps (will write later about it to the list)

https://github.com/delight/seclibrary

The app bootstraps 3 users "user/password": (admin/admin, view/view, create/create) 
If you like you can try the app. If I understood your request correctly, it solves your requirements. After the following step:

It has a simple CRUD where you can change Requestmaps at runtime:
For your requirements you would have to log in to the app as admin/admin
and change the Requestmap

/ permitAll
to

/ hasAnyRole('ROLE_BOOK_VIEW')
after that the app should show your desired behaviour 

Hope this is helpful to you.
Cheers,
   Kosta

2012/1/25 gatherer <[hidden email]>
I know this option but I trust users with the "remember me" cookie. The
problem is that the requestmap doesn't work when applied to the root url
/** .

--
View this message in context: http://grails.1312388.n4.nabble.com/Requestmaps-with-root-url-like-working-tp4323919p4327043.html
Sent from the Grails - user mailing list archive at Nabble.com.
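
The pessimistic lockdown setup discussed in this thread, written out as an added example; it is not code from any poster, from the seclibrary app, or from the plugin documentation. It assumes the 1.x plugin's `grails.plugins.springsecurity` config prefix and a `Requestmap` domain class generated into a hypothetical `com.example` package; the `createRule` helper is also hypothetical.

```groovy
// ---- grails-app/conf/Config.groovy ----
import grails.plugins.springsecurity.SecurityConfigType

// Read URL rules from the Requestmap domain class (database-backed rules).
grails.plugins.springsecurity.securityConfigType = SecurityConfigType.Requestmap
// Pessimistic lockdown: a URL with no matching rule is denied.
grails.plugins.springsecurity.rejectIfNoRule = true

// ---- grails-app/conf/BootStrap.groovy ----
import com.example.Requestmap   // assumption: package chosen when running s2-quickstart

class BootStrap {

    def springSecurityService

    def init = { servletContext ->
        // The login/logout controllers and static resources must stay reachable
        // without a session, otherwise the redirect to the login form is denied too.
        ['/login/**', '/logout/**', '/js/**', '/css/**', '/images/**'].each { url ->
            createRule(url, 'IS_AUTHENTICATED_ANONYMOUSLY')
        }

        // Catch-all rule for everything else. IS_AUTHENTICATED_REMEMBERED accepts a
        // remember-me cookie; IS_AUTHENTICATED_FULLY would require a fresh login.
        createRule('/**', 'IS_AUTHENTICATED_REMEMBERED')

        // Requestmap entries are cached; clear the cache after any create/edit/delete,
        // including changes made at runtime through a CRUD screen.
        springSecurityService.clearCachedRequestmaps()
    }

    // Idempotent: repeated application starts do not create duplicate rows.
    private void createRule(String url, String configAttribute) {
        if (!Requestmap.findByUrl(url)) {
            new Requestmap(url: url, configAttribute: configAttribute).save(failOnError: true)
        }
    }
}
```

When checking a setup like this, request a protected URL with no session cookie and confirm the response is a redirect to the login form, then repeat after logging in to confirm the same URL is served.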
