ironmantis7x

Reputation: 827

Being denied access to application in grails

I am following this tutorial for a Grails forum application: http://grails.asia/grails-forum-application.

I have done exactly what it has in it, except I am using the spring-security-core:2.0.0 plugin instead of the spring-security-core:1.2.7.3 mentioned in the tutorial (link given above).

When I try to log in, I get this error:

"Sorry, you're not authorized to view this page"

I am not sure what the error exactly is as the console does not give a trace.

I am using GGTS Groovy/Grails Tool Suite Version: 3.6.4.RELEASE on Ubuntu Linux 16.04.

The code I am using is the same code listed in the link above and on GitHub (https://github.com/grailsasia/grails-ex-forum).

What am I doing wrong? The application is denying me access even though I am using a username and password that the application is generating itself.

Here is the code for Bootstrap.groovy which I am using to load data (again, straight from the tutorial itself):

class BootStrap {
    def random = new Random();
    def words = ("time,person,year,way,day,thing,man,world,life,hand,part,child,eye,woman,place,work,week,case,point," +
                "government,company,number,group,problem,fact,be,have,do,say,get,make,go,know,take,see,come,think,look," +
                "want,give,use,find,tell,ask,work,seem,feel,try,leave,call,good,new,first,last,long,great,little,own," +
                "other,old,right,big,high,different,small,large,next,early,young,important,few,public,bad,same,able,to,of," +
                "in,for,on,with,at,by,from,up,about,into,over,after,beneath,under,above,the,and,a,that,I,it,not,he,as,you," +
                "this,but,his,they,her,she,or,an,will,my,one,all,would,there,their").split(",")

    def init = { servletContext ->
        if (SecUser.count() == 0) {  // no user in db, lets create some
            def defaultRole = new SecRole(authority: 'ROLE_USER').save()
            // create 100 users
            (1..100).each { userNo ->
                String username = "user${userNo}"
                def user = new SecUser(username:username, password: 'secret', enabled: true).save()
                // all users will have default role
                new SecUserSecRole( secUser:user, secRole: defaultRole).save()
            }
        }

        if ( Section.count() == 0 ) { // create data if no forum data found
            // get all users
            def users = SecUser.list()
            // create 3 sections
            ('A'..'C').each { sectionLetter ->
                def sectionTitle = "Section ${sectionLetter}"
                def section = new Section(title: sectionTitle).save()
                // create 4 topics per section
                (1..4).each { topicNumber ->
                    def topicTitle = "Topic ${sectionLetter}-${topicNumber}"
                    def topicDescription = "Description of ${topicTitle}"
                    def topic = new Topic(section: section, title: topicTitle, description: topicDescription).save()
                    // create 10-20 threads each topic
                    def numberOfThreads = random.nextInt(11)+10
                    (1..numberOfThreads).each { threadNo ->
                        def opener = users[random.nextInt(100)]
                        def subject = "Subject ${sectionLetter}-${topicNumber}-${threadNo} "
                        def thread = new DiscussionThread(topic:topic, subject:subject, opener:opener).save()
                        new Comment(thread:thread, commentBy:opener, body:generateRandomComment()).save()
                        // create 10-35 replies per thread
                        def numberOfReplies = random.nextInt(26)+10
                        numberOfReplies.times {
                            def commentBy = users[random.nextInt(100)]
                            new Comment(thread:thread, commentBy:commentBy, body:generateRandomComment()).save()
                        }
                    }
                }
            }
        }
    }

    private String generateRandomComment() {
        def numberOfWords = random.nextInt(50) + 15
        StringBuilder sb = new StringBuilder()
        numberOfWords.times {
            def randomWord = words[random.nextInt(words.length)]
            sb.append("${randomWord} ")
        }
        return sb.toString()
    }

    def destroy = {
    }
}

I am doing the best I can to figure out what is going on, but I don't have an error message as to what the issue is and the tutorial doesn't help me figure out why.

UPDATE!!

After looking at the replies I received, I went back and looked again at the tutorials posted in the links and found that my problems are indeed related to the list of permitted roles and accesses.

Here is the list of permitted accesses/roles/resources I need to play with and understand more:

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'furqanforum.SecUser'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'furqanforum.SecUserSecRole'
grails.plugin.springsecurity.authority.className = 'furqanforum.SecRole'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
  '/':                ['permitAll'],
  '/forum/**':        ['permitAll'],
  '/index':           ['permitAll'],
  '/index.gsp':       ['permitAll'],
  '/assets/**':       ['permitAll'],
  '/**/js/**':        ['permitAll'],
  '/**/css/**':       ['permitAll'],
  '/**/images/**':    ['permitAll'],
  '/**/favicon.ico':  ['permitAll'],
  '/login/**':        ['permitAll'],
  '/logout/**':       ['permitAll']
]

Thanks all who positively contributed to helping me help myself and gain a new skill!

I am reading more on Spring Security and tweaking as I learn. But based on the checked answer and the replies and suggestions, this solved my issue.

Upvotes: 1

Views: 403

Answers (1)

Burt Beckwith

Reputation: 75681

You can't just change from version 1.x to 2.x without any configuration changes. Read the What's New information and more specifically read the changes here.

Previously the plugin allowed access unless it required a role that the user didn't have, but now the plugin defaults to denying all access unless it's explicitly allowed. Old tutorials that use the 1.x versions of the plugin wouldn't be aware of that.

Upvotes: 1
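
The change of default described in the answer, as an added example that is not part of the original posts or the plugin's code: a standalone Groovy script that looks up request URLs in the question's `staticRules` using a simplified Ant-pattern matcher. The `denyByDefault` flag, the helper names and the sample URLs are assumptions made for illustration; the real plugin also evaluates controller annotations.

```groovy
import java.util.regex.Pattern

// Rules copied from the question's Config.groovy.
def staticRules = [
    '/': ['permitAll'], '/forum/**': ['permitAll'], '/index': ['permitAll'],
    '/index.gsp': ['permitAll'], '/assets/**': ['permitAll'], '/**/js/**': ['permitAll'],
    '/**/css/**': ['permitAll'], '/**/images/**': ['permitAll'],
    '/**/favicon.ico': ['permitAll'], '/login/**': ['permitAll'], '/logout/**': ['permitAll']
]

// Simplified Ant-pattern translation (hypothetical helper, not the plugin's matcher):
// '**' spans path segments, '*' stays inside one segment.
def antToRegex = { String p ->
    def sb = new StringBuilder()
    int i = 0
    while (i < p.length()) {
        if (p.startsWith('/**/', i)) { sb << '/(?:.*/)?'; i += 4 }
        else if (p.startsWith('/**', i) && i + 3 == p.length()) { sb << '(?:/.*)?'; i += 3 }
        else if (p.startsWith('**', i)) { sb << '.*'; i += 2 }
        else if (p[i] == '*') { sb << '[^/]*'; i++ }
        else { sb << Pattern.quote(p[i]); i++ }
    }
    sb.toString()
}

// denyByDefault = false models the 1.x behaviour (no rule means access is allowed),
// denyByDefault = true models the 2.x behaviour (no rule means access is denied).
def decide = { String url, boolean denyByDefault ->
    def hit = staticRules.find { pattern, cfg -> url ==~ antToRegex(pattern) }
    if (hit) return hit.value.contains('permitAll') ? 'ALLOW' : "NEEDS ${hit.value}"
    denyByDefault ? 'DENY' : 'ALLOW'
}

// Constructed sample requests; '/secUser/index' stands for any URL with no matching rule.
['/forum/thread/5', '/assets/app.css', '/login/auth', '/secUser/index'].each { url ->
    println "${url.padRight(18)} 1.x-style: ${decide(url, false)}  2.x-style: ${decide(url, true)}"
}

// The same unmatched URL flips from allowed to denied when the default changes.
assert decide('/secUser/index', false) == 'ALLOW'
assert decide('/secUser/index', true) == 'DENY'
assert decide('/forum/thread/5', true) == 'ALLOW'
```

Running the same check against every URL the application serves shows which pages still need an explicit rule or annotation after the upgrade.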
