Grails Spring Security plugin @Secured annotation not resolved

Question

package hompage

import logindetails.*
import login.User
import grails.plugins.springsecurity.Secured;

class RedirectController
{
    def springSecurityService

    def index() { }

    /**
     * This method will redirect the user if it has the role "ROLE_ADMIN"
     */
    @Secured(['ROLE_ADMIN'])
    def adminhomepage =
    {
        render(view: "adminhome")
    }

    /**
     * This method will redirect the user if it has the role "ROLE_USER"
     */
    @Secured(['ROLE_USER'])
    def userhomepage=
    {
        render(view: "userhome")
    }
}

This is my code and i would like to redirect to the adminhome if and only if the role is ROLE_ADMIN and to userhome if the role is ROLE_USER.

Please help me for the implementation of this code.

I am using the netbeans IDE and there is the warning (like in red exclamation sign which generally shows for the java code)for import import grails.plugins.springsecurity.Secured

unable to resolve class grails.plugins.springsecurity.Secured @ line 5, column 1.

even if the import is present i am not getting it what is the problem?

Answer 1

The Package has been rename from grails.plugins to grails.plugin

import grails.plugin.springsecurity.annotation.Secured

please use this. Ref: source

Answer 2

I followed the same tutorial listed in your comments and hit the same problem. As already stated in this post, the "error" didn't prevent any of my code from being built from the command line. But as a Grails beginner, seeing that little Red X so early in the game for the most basic application can be frustrating.

Since the app compiles and runs from the command line, it's definitely a problem with the IDE. I checked my plugins and Spring Security wasn't listed. Right Click on Plugins -> Open Grails Plugin Manager and install via STS that way. It will uninstall and reinstall the same plugin. I'm running an older version of STS, so hopefully this is fixed with newer versions.

Hope this helps anyone who stumbles on this older thread.

Answer 3

I get the warning in Netbeans as well; it does not affect anything for me. Everything still compiles and runs fine.

The @Secured annotation will not do any sort of redirection - it just makes sure you are allowed in that action once you are sent there.

I want to make sure I understand - no matter what role they have if someone goes 'adminHomeController/index' are they redirected to 'adminHomeController/adminhomepage.gsp' or do they get the 'adminHomeController/index.gsp' served up? If they are redirected there is nothing in the code you provided that can cause that. Do you have any URL Mappings that would do that?

Or is the real problems that if someone does NOT have ROLE_USER they are still allowed to go to 'adminHomeController/adminhomepage'? If that is what is happening make sure you have the following on your config file:

grails.plugins.springsecurity.securityConfigType = "Annotation"

Then restart the application and try to access adminhomepage as a user that does not have ROLE_USER. If they can still get there make sure they really don't have ROLE_USER.

If this is to redirect someone upon login there are much more comprehensive ways to handle this, like creating a custom AuthSuccessHandler, but that is a bit more complicated. To do the redirect this way I would do something like this:

    import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils.*

    def index() {
      if(ifAnyGranted("ROLE_ADMIN")) {
           redirect(action: 'adminhomepage')
      } else if(ifAnyGranted("ROLE_USER")) {
           redirect(action: 'userhomepage')
      }
    }

    def adminhomepage() {
        //admin stuff
    }

    def userhomepage() {
        //user stuff
    }

Answer 4

Check your classpath, do a grails clean, and make sure the plugin is present in the BuildConfig.groovy.