Home/ Questions/Q 6052223
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T07:54:18+00:00

This is not one of the simple questions.. So let me explain it in

  • 0

This is not one of the simple questions.. So let me explain it in detail…

The background:
In my grails application I have this mapping:

class UrlMappings {
    static mappings = {
        "/$storeId/$controller/$action?/$id?"
        ...
    }
}

This means that all url’s my application will process has preceding url parameter “storeId”. All controllers will use this parameter to render content and perform other actions…

Also I have controller with annotation 

@Secured(['IS_AUTHENTICATED_REMEMBERED'])
class SomeController {
    def index = {   
        // ...
    }
}

Let’s say user is trying to access this page:

/555/some/index

If this is unauthenticated user, security-plugin will redirect him to the 

/login/auth

The issue is:
When spring-security will redirect to this page, user will see 404. This happens because login controller will handle only urls like

/555/login/auth

The question is:
What should I do to dynamically build this url?

p.s.
It turns out that:

  • There is config param for
    spring-security, called
    “auth.loginFormUrl”. But this is just
    static text. And I need to build this
    url based on what url influenced this
    redirection
  • The redirection is done (I’m not 100%
    sure) in org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint#commence.
    But how to override it?
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Typically that’s a static value, but it’s called from LoginUrlAuthenticationEntryPoint.getLoginFormUrl(), so you could subclass that and do a dynamic calculation of the url in an overridden method. The plugin already subclasses it with org.codehaus.groovy.grails.plugins.springsecurity.AjaxAwareAuthenticationEntryPoint so you should extend that.

    To register your implementation instead of the plugins, add a bean override in grails-app/conf/spring/resources.groovy:

    import com.yourcompany.yourapp.YourAuthenticationEntryPoint
beans = {
   authenticationEntryPoint(YourAuthenticationEntryPoint) {
      loginFormUrl = '/login/auth' // has to be specified even though it's ignored
      ajaxLoginFormUrl = '/login/authAjax'
      portMapper = ref('portMapper')
      portResolver = ref('portResolver')
   }
}

    You don’t have direct access to the request in this method, but it’s available in a thread-local – call org.codehaus.groovy.grails.plugins.springsecurity.SecurityRequestHolder.getRequest().

    • 0