1 parent
a041689
commit e1734f3
Showing
19 changed files
with
1,008 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,24 @@ | ||
class UrlMappings { | ||
|
||
static mappings = { | ||
"/$controller/$action?/$id?"{ | ||
constraints { | ||
// apply constraints here | ||
} | ||
} | ||
|
||
"/"(view:"/index") | ||
"500"(view:'/error') | ||
} | ||
|
||
static mappings = { | ||
|
||
|
||
"/login/auth" { | ||
controller = 'openId' | ||
action = 'auth' | ||
} | ||
"/login/openIdCreateAccount" { | ||
controller = 'openId' | ||
action = 'createAccount' | ||
} | ||
"/$controller/$action?/$id?" { | ||
constraints { | ||
// apply constraints here | ||
} | ||
} | ||
|
||
"/"(view: "/index") | ||
"500"(view: '/error') | ||
} | ||
} |
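Review bot: The new `"/login/auth"` mapping sends that URL to the `openId` controller, but the catch-all `"/$controller/$action?/$id?"` kept below it still exposes the other `LoginController` actions added in this commit (`full`, `authfail`, `denied`, `authAjax`) by name. `full` in particular renders the `auth` view with a form posting to `config.apf.filterProcessesUrl`, so if OpenID is meant to be the only login path there is a second entry point whose protection depends on security configuration not visible here. At minimum add a comment above the two new mappings, for example `// /login/auth is served by the openId controller; LoginController.auth is shadowed on purpose`. Consider also mapping the login actions explicitly or filling in the empty `constraints` block rather than relying on the catch-all.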
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
import grails.converters.JSON | ||
|
||
import javax.servlet.http.HttpServletResponse | ||
|
||
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils | ||
|
||
import org.springframework.security.authentication.AccountExpiredException | ||
import org.springframework.security.authentication.CredentialsExpiredException | ||
import org.springframework.security.authentication.DisabledException | ||
import org.springframework.security.authentication.LockedException | ||
import org.springframework.security.core.context.SecurityContextHolder as SCH | ||
import org.springframework.security.web.WebAttributes | ||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter | ||
|
||
class LoginController { | ||
|
||
/** | ||
* Dependency injection for the authenticationTrustResolver. | ||
*/ | ||
def authenticationTrustResolver | ||
|
||
/** | ||
* Dependency injection for the springSecurityService. | ||
*/ | ||
def springSecurityService | ||
|
||
/** | ||
* Default action; redirects to 'defaultTargetUrl' if logged in, /login/auth otherwise. | ||
*/ | ||
def index = { | ||
if (springSecurityService.isLoggedIn()) { | ||
redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl | ||
} | ||
else { | ||
redirect action: auth, params: params | ||
} | ||
} | ||
|
||
/** | ||
* Show the login page. | ||
*/ | ||
def auth = { | ||
|
||
def config = SpringSecurityUtils.securityConfig | ||
|
||
if (springSecurityService.isLoggedIn()) { | ||
redirect uri: config.successHandler.defaultTargetUrl | ||
return | ||
} | ||
|
||
String view = 'auth' | ||
String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}" | ||
render view: view, model: [postUrl: postUrl, | ||
rememberMeParameter: config.rememberMe.parameter] | ||
} | ||
|
||
/** | ||
* The redirect action for Ajax requests. | ||
*/ | ||
def authAjax = { | ||
response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl | ||
response.sendError HttpServletResponse.SC_UNAUTHORIZED | ||
} | ||
|
||
/** | ||
* Show denied page. | ||
*/ | ||
def denied = { | ||
if (springSecurityService.isLoggedIn() && | ||
authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) { | ||
// have cookie but the page is guarded with IS_AUTHENTICATED_FULLY | ||
redirect action: full, params: params | ||
} | ||
} | ||
|
||
/** | ||
* Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page. | ||
*/ | ||
def full = { | ||
def config = SpringSecurityUtils.securityConfig | ||
render view: 'auth', params: params, | ||
model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication), | ||
postUrl: "${request.contextPath}${config.apf.filterProcessesUrl}"] | ||
} | ||
|
||
/** | ||
* Callback after a failed login. Redirects to the auth page with a warning message. | ||
*/ | ||
def authfail = { | ||
|
||
def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY] | ||
String msg = '' | ||
def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION] | ||
if (exception) { | ||
if (exception instanceof AccountExpiredException) { | ||
msg = SpringSecurityUtils.securityConfig.errors.login.expired | ||
} | ||
else if (exception instanceof CredentialsExpiredException) { | ||
msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired | ||
} | ||
else if (exception instanceof DisabledException) { | ||
msg = SpringSecurityUtils.securityConfig.errors.login.disabled | ||
} | ||
else if (exception instanceof LockedException) { | ||
msg = SpringSecurityUtils.securityConfig.errors.login.locked | ||
} | ||
else { | ||
msg = SpringSecurityUtils.securityConfig.errors.login.fail | ||
} | ||
} | ||
|
||
if (springSecurityService.isAjax(request)) { | ||
render([error: msg] as JSON) | ||
} | ||
else { | ||
flash.message = msg | ||
redirect action: auth, params: params | ||
} | ||
} | ||
|
||
/** | ||
* The Ajax success redirect url. | ||
*/ | ||
def ajaxSuccess = { | ||
render([success: true, username: springSecurityService.authentication.name] as JSON) | ||
} | ||
|
||
/** | ||
* The Ajax denied redirect url. | ||
*/ | ||
def ajaxDenied = { | ||
render([error: 'access denied'] as JSON) | ||
} | ||
} |
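Review bot: `authfail` picks a different message for expired, disabled and locked accounts, so unless the `errors.login.*` values in the security config (not visible here) are set to the same text, an unauthenticated caller can learn account state from the JSON response or the flash message. Consider returning only `msg = SpringSecurityUtils.securityConfig.errors.login.fail` to the client and logging the specific exception class server-side. The local `username` read from the session in the same action is never used and can be dropped. Separately, `redirect action: auth, params: params` in `authfail` and `index` (and the same with `full` in `denied`) copies every request parameter into the redirect URL. If the failure handler is ever configured to forward the login POST, that would presumably include the submitted credentials, so pass no params or an explicit whitelist.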
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils | ||
|
||
class LogoutController { | ||
|
||
/** | ||
* Index action. Redirects to the Spring security logout uri. | ||
*/ | ||
def index = { | ||
// TODO put any pre-logout code here | ||
redirect uri: SpringSecurityUtils.securityConfig.logout.filterProcessesUrl // '/j_spring_security_logout' | ||
} | ||
} |
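Review bot: `index` issues the logout redirect for any HTTP method, so a cross-site request to this action can sign a user out without their intent. Restricting the action with `static allowedMethods = [index: 'POST']` would narrow that, though it only helps if the filter behind `logout.filterProcessesUrl` (configured elsewhere, not visible here) is not directly reachable by GET as well. The `// TODO put any pre-logout code here` placeholder should be resolved or removed before merge. The trailing `// '/j_spring_security_logout'` comment hard-codes what is presumably the default value and will go stale if the config changes.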