Here’s a quick gotcha for you. You set up a favicon in the root of your web app, as is the convention, and when you log in you are redirected to a picture of your favicon or you are asked to download it… Weird.
Odds on you’ve installed the Spring Security plugin and forgotten to give permission to the favicon file in the root. The result is that on login Spring Security redirects you to the first restricted item that was requested by the browser – the favicon.
The solution? Easy, set the favicon path to IS_AUTHENTICATED_ANONYMOUSLY in your SecurityConfig.groovy (or database):
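controllerAnnotationStaticRules = [
    // Let anonymous requests fetch the favicon so it is never the restricted item you are redirected to after login
    '/favicon.ico' : ['IS_AUTHENTICATED_ANONYMOUSLY'],
]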
Aspect Oriented Programming is a concept which will be familiar to users of the Spring Framework as one of its core features. However, the details of how to get AOP working in Grails appear thin on the ground, so in this post I will show how to set up a simple aspect then configure and apply it using attributes. I will assume some familiarity with Spring AOP so I won’t explain the terminology or general concepts since they are exactly the same in Java as they are in Grails.
Following on from my post on how to log in a user using the Grails Acegi/Spring Security plugin I stumbled into a new use for the same code when I tried to update a user’s own details while logged in. The security plugin caches the user’s domain object so any changes are not seen until the next login (wholly unhelpful when you’re trying to implement account management on a Website!).
The Grails Spring Security plugin is a wonderful thing and certainly worthy of more time spent on it than in this quick post. It saves days, if not weeks, of work plumbing in the standard security model of most websites. Notwithstanding its obvious benefits, I have noticed that many people struggle with some features of it, especially when retro-fitting it to an existing database schema, and I can only assume it’s because the best examples of performing common tasks are only seen when generating the classes from scratch, using the generate-registration and generate-manager scripts.