CODEWITHSUNDEEP
grailsspring-security
Riveascore
Riveascore

Reputation: 1852

Grails Spring Security Core Plugin redirect issue

I'm using the "Spring Security Core Plugin" for Grails and am using a simple map in my Config.groovy file to restrict access based on authentication type.

For example, I want to prevent users from going to the "user/create" page because obviously you wouldn't want people to be able to create other users when they're logged in (I'm ignoring for now that managers/mods would be able to have this functionality). To accomlish this, I have

grails.plugins.springsecurity.interceptUrlMap = [
    '/user/create':  ['IS_AUTHENTICATED_ANONYMOUSLY']
 ]

The only problem is, it seems to be acting like the action:

redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl

I want it to redirect to the page it was previously on though.

i.e. user/list, attempt to call action create from user controller, if logged in, would reidirect back to user/list.

Any help is GREATLY appreciated.

Upvotes: 1

Views: 332

Answers (2)

Hubert
Hubert

Reputation: 169

Also change 'IS_AUTHENTICATED_ANONYMOUSLY' to 'permitAll'. and use the if statement.

Upvotes: 0

ikumen
ikumen

Reputation: 11643

I might be wrong, but I don't think you can do what you want using ['IS_AUTHENTICATED_ANONYMOUSLY'], it won't restrict logged in user since per documentation

The token accepts any authentication, even anonymous.

Why not just put something like

//in user controller
def create() {
  if(springSecurityService.currentUser) {
    //let them know they're already logged in
    flash.message = message(code: 'your.....message')
    redirect(action: "list")
  }

  //else take them to create form
  ...
}

Upvotes: 1

Related Questions