I have installed spring-security-core & spring-security-ui, and also added testuser in roleadmin.
When I run the application I get the list of all controllers, and the Login controller worked with username & password. But when I click another controller it says
'Sorry, you're not authorized to view this page.'
Do I need to add any other role to get the user and role management UI access?
Plugin versions:

    compile ':spring-security-core:2.0-RC2'
    compile ":spring-security-ui:1.0-RC1"

Accessing this URL: //127.0.0.1:8080/sec-test/role/search
Here is my screen after login.

First create your roles and test user in BootStrap.groovy:

    import springsecurity.User
    import springsecurity.Role
    import springsecurity.UserRole

    class BootStrap {

        def init = { servletContext ->
            // Roles referenced by the @Secured annotations
            def adminRole = new Role(authority: 'ROLE_ADMIN').save(flush: true)
            def userRole = new Role(authority: 'ROLE_USER').save(flush: true)

            def testUser = new User(username: 'testusername', password: '1234')
            testUser.save(flush: true)

            // Grant ROLE_ADMIN to the test user (third argument flushes the session)
            UserRole.create testUser, adminRole, true

            // Fail fast at startup if any of the saves did not persist
            assert User.count() == 1
            assert Role.count() == 2
            assert UserRole.count() == 1
        }

        def destroy = {
        }
    }

Then override as suggested:

    grails s2ui-override auth
    grails s2ui-override layout
    grails s2ui-override user package.name
    grails s2ui-override role package.name

Finally add the secured annotations to your controllers, i.e.:

    package springsecurity

    import grails.plugin.springsecurity.annotation.Secured

    @Secured(['ROLE_ADMIN'])
    class RoleController extends grails.plugin.springsecurity.ui.RoleController {
    }

A better method is to make anonymous registration by following these instructions:

    grails s2ui-override auth
    grails s2ui-override layout
    grails s2ui-override user com.myApp
    grails s2ui-override role com.myApp
    grails s2ui-override register com.myApp

and add this to the Register controller:

    import grails.plugin.springsecurity.annotation.Secured

    @Secured(['ROLE_ANONYMOUS'])
    class RegisterController extends grails.plugin.springsecurity.ui.RegisterController {
    }

By default Grails uses a pessimistic approach for URL locking, which means that it shows the same message "Sorry you are not authorized to view this URL" if that URL is not explicitly whitelisted. Apart from adding @Secured to your controller, you could also add the following to your config/conf.groovy file and whitelist the URL:

    '/action': ['ROLE_ADMIN']

'/action' = URL to your action. It could also be clubbed with wildcards, e.g.:

    '/**/css/**': ['permitAll']

['ROLE_ADMIN'] = the role which can access the URL
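
The URL-rule approach from the last answer, written out as an added configuration example (it is not part of any of the original answers). It assumes Grails 2.x with `grails-app/conf/Config.groovy`, the plugin's default annotation-based configuration with its `controllerAnnotations.staticRules` map, and the `/user`, `/role` and `/register` controller paths from the overrides above. The weak alternative is shown commented out beside the preferred one.

```groovy
// grails-app/conf/Config.groovy  (added example; file location is an assumption)

// Weak: turning pessimistic lockdown off makes every URL without a rule public,
// which would expose the user and role management screens to anyone.
// grails.plugin.springsecurity.rejectIfNoRule = false
// grails.plugin.springsecurity.fii.rejectPublicInvocations = false

// Preferred: keep the lockdown (these are the 2.0 defaults, stated explicitly)
// and grant access rule by rule.
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = true

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    // Landing page and static resources: no login required
    '/':               ['permitAll'],
    '/index':          ['permitAll'],
    '/index.gsp':      ['permitAll'],
    '/**/js/**':       ['permitAll'],
    '/**/css/**':      ['permitAll'],
    '/**/images/**':   ['permitAll'],
    '/**/favicon.ico': ['permitAll'],

    // spring-security-ui management screens: administrators only.
    // '/role/**' covers the /role/search URL from the question.
    '/user/**':        ['ROLE_ADMIN'],
    '/role/**':        ['ROLE_ADMIN'],

    // Self-registration has to be reachable before the visitor has an account
    '/register/**':    ['permitAll']
]
```

Any URL that matches neither an annotation nor one of these patterns stays denied, so a newly added controller is closed until a rule is written for it.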