Spring Security - Filters / Chain


Alan
Hi,

I'm looking for the correct approach to changing the targetURL (defaultTargetUrl) redirected to based on the user role after a successful login, e.g. ADMIN => /admin && USER => /profile. From what I can see, placing a custom filter to the filter chain. I have tried adding:

SpringSecurityUtils.clientRegisterFilter(
            'adminCheckFilter', SecurityFilterPosition.FORM_LOGIN_FILTER.order + 10)

with the

public class AdminCheckFilter extends UsernamePasswordAuthenticationFilter {
...
}
   
class registered in resources.groovy

but I'm not sure how to proceed from here, or if I am approaching this wrong?

Thanks,
Alan



Re: Spring Security - Filters / Chain

Alan
Shameless bump, this is really bugging me

Re: Spring Security - Filters / Chain

BluSynergy
You don't need a filter for that, here is what we do in the LoginController (we are using acegi)

def index = {
        if (isLoggedIn()) {
            // Customers go to their own details page
            if(authenticateService.ifAnyGranted('ROLE_CUSTOMER')){
                def user = BaseUser.get(authenticateService.userDomain()?.id)
                redirect(controller:'customer', action:'details', id:user?.customer?.id)
            } else {
                // Every other logged-in user goes to the home page
                redirect(controller:'homePage', action:'index')
            }
        }
}

On Fri, Feb 11, 2011 at 4:37 PM, Alan <[hidden email]> wrote:

Shameless bump, this is really bugging me
Sunny Thandassery
BluSynergy, Solutions for subscription billing and invoicing

Re: Spring Security - Filters / Chain

Alan
Hi Sunny,

I had something like this with Shiro, but with the SpringSecurity plugin, the login form doesn't direct back to my LoginController - the target of it is: '/j_spring_security_check'

From digging, I think that Spring auto generates and configures a UsernamePasswordAuthenticationFilter bean which responds to this URL.

So when a valid user is authenticated they are always directed to the value of successHandler.defaultTargetUrl in Config.groovy

... but as I said, I could be very wrong with my approach

Alan

On 11 February 2011 23:19, Sunny Thandassery <[hidden email]> wrote:
>
> You don't need a filter for that, here is what we do in the LoginController (we are using acegi)
> def index = {
>         if (isLoggedIn()) {
>             if(authenticateService.ifAnyGranted('ROLE_CUSTOMER')){
>                 def user = BaseUser.get(authenticateService.userDomain()?.id)
>                 redirect(controller:'customer', action:'details', id:user?.customer?.id)
>             } else {
>                 redirect(controller:'homePage', action:'index')
>             }
>         }
--
Code Crunchers
Internet Software Development

http://www.codecrunchers.ie

Unit A4
Enterprise Fund Business Centre
Ballyraine
Letterkenny
Co. Donegal
Ireland
IRELAND

 + 353 86 0484840

Re: Spring Security - Filters / Chain

burtbeckwith
Your approach is adding another filter, whereas you want to replace or reconfigure the one the plugin configures. If you want to programmatically calculate where to redirect, then you'll need a subclass (if you just wanted to change the url you could change the grails.plugins.springsecurity.successHandler.defaultTargetUrl as described in section "13 URL Properties" in the docs).

But having subclassed (e.g. with your AdminCheckFilter) you'd want to replace the current one and the best way to do that is to replace the bean that's configured for the filter, 'authenticationProcessingFilter'. Note that the plugin already subclasses UsernamePasswordAuthenticationFilter with its org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter so you should extend that. You can see the bean definition in SpringSecurityCorePlugin.groovy.

Then you replace the plugin's bean with yours in grails-app/conf/spring/resources.groovy:

   import com.myco.myapp.AdminCheckFilter

   import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

   beans = {
      authenticationProcessingFilter(AdminCheckFilter) {
         authenticationManager = ref('authenticationManager')
         sessionAuthenticationStrategy = ref('sessionAuthenticationStrategy')
         authenticationSuccessHandler = ref('authenticationSuccessHandler')
         authenticationFailureHandler = ref('authenticationFailureHandler')
         rememberMeServices = ref('rememberMeServices')
         authenticationDetailsSource = ref('authenticationDetailsSource')

         def conf = SpringSecurityUtils.securityConfig
         filterProcessesUrl = conf.apf.filterProcessesUrl
         usernameParameter = conf.apf.usernameParameter
         passwordParameter = conf.apf.passwordParameter
         continueChainBeforeSuccessfulAuthentication = conf.apf.continueChainBeforeSuccessfulAuthentication
         allowSessionCreation = conf.apf.allowSessionCreation
         postOnly = conf.apf.postOnly
      }
   }

Burt


Re: Spring Security - Filters / Chain

Alan
Hi Burt,

That code worked "out of the box" - much obliged. I still haven't fully managed the redirect, but I'm closer. I'll post back here when I solve it, for other users' reference.


On 11 February 2011 23:51, Burt Beckwith <[hidden email]> wrote:
Your approach is adding another filter, whereas you want to replace or reconfigure the one the plugin configures. If you want to programmatically calculate where to redirect, then you'll need a subclass (if you just wanted to change the url you could change the grails.plugins.springsecurity.successHandler.defaultTargetUrl as described in section "13 URL Properties" in the docs).

But having subclassed (e.g. with your AdminCheckFilter) you'd want to replace the current one and the best way to do that is to replace the bean that's configured for the filter, 'authenticationProcessingFilter'. Note that the plugin already subclasses UsernamePasswordAuthenticationFilter with its org.codehaus.groovy.grails.plugins.springsecurity.RequestHolderAuthenticationFilter so you should extend that. You can see the bean definition in SpringSecurityCorePlugin.groovy.

Then you replace the plugin's bean with yours in grails-app/conf/spring/resources.groovy:

  import com.myco.myapp.AdminCheckFilter

  import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

  beans = {
     authenticationProcessingFilter(AdminCheckFilter) {
        authenticationManager = ref('authenticationManager')
        sessionAuthenticationStrategy = ref('sessionAuthenticationStrategy')
        authenticationSuccessHandler = ref('authenticationSuccessHandler')
        authenticationFailureHandler = ref('authenticationFailureHandler')
        rememberMeServices = ref('rememberMeServices')
        authenticationDetailsSource = ref('authenticationDetailsSource')

        def conf = SpringSecurityUtils.securityConfig
        filterProcessesUrl = conf.apf.filterProcessesUrl
        usernameParameter = conf.apf.usernameParameter
        passwordParameter = conf.apf.passwordParameter
        continueChainBeforeSuccessfulAuthentication = conf.apf.continueChainBeforeSuccessfulAuthentication
        allowSessionCreation = conf.apf.allowSessionCreation
        postOnly = conf.apf.postOnly
     }
  }

Burt


Re: Spring Security - Filters / Chain

omarello
Hey Alan,

I had a similar requirement, and managed to get this to work. Maybe there are better ways, but this seemed to work. I wrote my findings and how to implement here

http://omarello.com/2011/09/grails-custom-target-urls-after-login/

Hope it helps.
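
One way to get the role-based redirect asked about at the top of this thread, as an added example that is not code from any poster or from the plugin: instead of subclassing the filter, it replaces the 'authenticationSuccessHandler' bean that the filter definition above references. The package, class name, the roleTargetUrls property, the role names and the URLs are assumptions for illustration.

```groovy
// src/groovy/com/myco/myapp/RoleTargetUrlSuccessHandler.groovy (hypothetical path)
package com.myco.myapp

import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

import org.springframework.security.core.Authentication
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

class RoleTargetUrlSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // role -> URL, checked in insertion order, so list the most privileged role first.
    // The targets come only from this server-side map, never from request parameters.
    Map<String, String> roleTargetUrls = [:]

    @Override
    void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                 Authentication authentication) {
        if (response.committed) {
            return   // too late to redirect
        }
        // Note: unlike a saved-request-aware handler, this always goes to the role's
        // page and ignores the URL the user originally asked for.
        getRedirectStrategy().sendRedirect(request, response, targetFor(authentication))
    }

    // Picks the first configured role the user holds; falls back to defaultTargetUrl.
    String targetFor(Authentication authentication) {
        Set<String> granted = authentication.authorities*.authority as Set
        def match = roleTargetUrls.find { role, url -> role in granted }
        match ? match.value : getDefaultTargetUrl()
    }
}

// Wiring in grails-app/conf/spring/resources.groovy (role names and URLs are assumed):
//
//   import com.myco.myapp.RoleTargetUrlSuccessHandler
//
//   beans = {
//      authenticationSuccessHandler(RoleTargetUrlSuccessHandler) {
//         defaultTargetUrl = '/'
//         roleTargetUrls = [ROLE_ADMIN: '/admin', ROLE_USER: '/profile']
//      }
//   }
```

Because the bean keeps the name 'authenticationSuccessHandler', the existing authenticationProcessingFilter picks it up through its ref() without further changes.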

Re: Spring Security - Filters / Chain

eduardoarantes
In reply to this post by burtbeckwith
I'd like to control which URL to redirect to when authorization fails based on the rule.
The user can register at the system just with name and email, but later when he tries to perform some actions he is required to fill the entire profile.
If he fails to have the 'HAS_FULL_PROFILE' role he must be redirected to the form.

is there a authorizationProcessingFilter :