Reputation: 21
How to prevent direct access to *.gsp pages in Grails
Could anyone advise a feasible solution to prevent direct access to *.gsp pages on Grails?
After reviewing intercepting '/**.gsp', I found it is impossible to use that as it not only filters out direct access, but also the pages rendering from controllers, etc.
I tried to setup the following in UrlMapping.groovy, even though I can prevent the *.gsp direct access, but I also make a mess to the navigation of the pages; all the links seem to go to home page then.
"/**.gsp" {
isEligible = {
System.err.println("ALL PARAMS: " + params)
request.requestURL.toString().endsWith(".gsp")
}
controller = {
if (request.requestURL.toString().endsWith(".gsp")) {
"public"
} else {
"*"
}
}
action = {
if (request.requestURL.toString().endsWith(".gsp")) {
"home"
} else {
"*"
}
}
}
Once I thought about setup filter like org.springframework.web.filter.OncePerRequestFilter, but not quite sure how to define it probably as Grails tends to generate the web.xml filters section by itself.
Any thoughts?
Thanks a lot! tom
Upvotes: 2
Views: 1443
Answers (4)
Reputation: 11
Add these to UrlMappings:
"/**.gsp" {
controller = {
if(request.requestURL.toString().endsWith(".gsp")) {
"forbidden"
} else params.controller
}
}
And create a ForbiddenController and an index.gsp with "Never think of accessing GSPs directly dude." as its content.
Cheers.
Upvotes: 1
Reputation: 3080
What about writing a filter that will be executed on each request ?
Upvotes: 0
Reputation: 6526
unfortunately I did not find a solution with UrlMappings. here is a solution which is little bit ugly but if you use the same layout (for example main.gsp) on all pages you could add this lines to the layout (main.gsp).
<% if (request.requestURL.toString().endsWith(".gsp")) {
response.sendRedirect("${request.contextPath}/")
} %>
this way if the user tries to access the gsp page direct he gets redirected to the home page.
maybe not the best solution but did work for me so far.
cheers shifty
Upvotes: 1
Reputation: 6526
according to the grails FAQ the "/**.gsp" configuration in the UrlMapping.groovy should work.
couldn't try it out yet.
How did you add the links to the page ? Are the links also broken when you use the link tag ?
<g:link controller="book" action="list">Book List</g:link>
Upvotes: 0
Related Questions
- Grails - Disable default url mappings
- Grails: Redirect to index.gsp that is not in any controller
- Grails URL mapping for resources that don't exist
- Prevent access to a given URL if accessed from particular page
- generic view url mapping in grails
- Restrict specific page in grails webapplication
- Grails is it possible to protect the .gsp files?
- Grails URL mapping cause error on GSP
- Grails: How to protect gsp views with shiro?
- Grails security filter and /index.gsp