3

I have a Grails app in STS 3.1 with a REST API laid out in UrlMappings.groovy and a group of controllers. I installed the SpringSecurity stuff so I have Login/Logout controllers and RegistrationCodeController etc. I have been using the browser interface to login but I need to start logging in from a REST client.

What are the specific urls and requests I need to use to register / login / check logged in / logout?

I have been able to login by POSTing j_username and j_password to /j_spring_security_check. But, if I first make a request which fails authentication, then POSTing to /j_spring_security_check automatically returns the results of the initial, failed request. I need a way to login that always returns success/error status and User.id on success.

Improve this question

1 Answer 1

Reset to default
2

In Config.groovy, insert some config items:

grails.plugins.springsecurity.successHandler.alwaysUseDefault = true grails.plugins.springsecurity.successHandler.defaultTargetUrl = "/rest/success" grails.plugins.springsecurity.failureHandler.defaultFailureUrl = "/rest/failed"

This will force successful login to be redirected to /rest/success. Then in this method, return the user.id:

import grails.converters.JSON class RestController { def springSecurityService def success() { def response = ['status':'success', 'id':springSecurityService.currentUser.id] render response as JSON } def failed() { def response = ['status': 'failed'] render response as JSON } }
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I can see why this should work. Unfortunately, when I first request a controller that needs auth, then I POST to /j_spring_security_check, I am still redirected to the response from the first request. Should I be logging in by some other request instead of POST to /j_spring_security_check ?
I think post to it is fine, given that original auth login form has the same thing. Does it work in web page direct login scenario?
defaultTargetUrl redirect works for web page login but not for POST from my rest client.
Is that request an Ajax one? Then you should define successHandler. ajaxSuccessUrl and failureHandler. ajaxAuthFailUrl. Post some code to the question may be helpful.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.