Grails Spring Security Authentication - GSP error not shown

Question

I am new to Grails Spring Security and am struggling to show the login error message.

The plugin is installed and correctly configured against my DB. When a wrong username/password is provided, LoginController takes over and actions auth > authfail are invoked. That's the correct default behaviour.

THOUGH, when I configure Config.groovy, LoginController takes over calling only auth (without invoking authfail), therefore the error message is not added to flash so to be shown in auth.gsp.

Bellow is my Config.groovy configuration related to Spring Security:

grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/organisation/summaryLandingPage' grails.plugins.springsecurity.logout.afterLogoutUrl = '/login/authfail'

grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap" grails.plugins.springsecurity.interceptUrlMap = [ '/login/auth': ['IS_AUTHENTICATED_ANONYMOUSLY'], '/**': ['IS_AUTHENTICATED_FULLY'] ]

grails.plugins.springsecurity.userLookup.userDomainClassName = 'User' grails.plugins.springsecurity.userLookup.authorityJoinClassName = UserRole' grails.plugins.springsecurity.authority.className = 'lookups.Role' grails.plugins.springsecurity.authority.nameField = 'value' grails.plugins.springsecurity.password.algorithm = 'MD5'

grails.plugins.springsecurity.useSessionFixationPrevention = true

Any help would be much appreciated!

Answer 1

grails.plugins.springsecurity.interceptUrlMap = [ '/login/auth': ['IS_AUTHENTICATED_ANONYMOUSLY'], '/**': ['IS_AUTHENTICATED_FULLY'] ]

It looks like that line is allowing only /login/auth (i.e. LoginController.auth) to be served up to anonymous users. Try adding '/login/authFail': ['IS_AUTHENTICATED_ANONYMOUSLY'] or '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'] to your interceptUrlMap.