I am using the spring-security-core plugin and I have created a custom denied.gsp page under /views/login/denied.gsp. If I go to the page directly via /login/denied I can see that the layout was applied. However, if I attempt to access a restricted page and I am routed to the denied.gsp it just renders the exact html without processing the layout.
<html><head>
<title>Denied</title>
<meta name="layout" content="main">
</head>
<body>
<section class="breadcrumb p07">
<p><a href="/">Home</a> Denied</p>
</section>
<section class="content">
<p>Sorry, you're not authorized to view this page.</p>
</section>
</body></html>
I have these set to false, so that everything is not locked down by default:
grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
AdminController:
@Secured(['ROLE_ADMIN'])
class AdminController {
def index() {
}
}
So for example, I am logged in as ROLE_USER and then go to /admin, it correctly denies me. Yet, it has no styling on the page.
There are no additional rules regarding css, js, etc.
I can't figure out why the styling is not applied in this case. Any ideas?
At first get familiar with this one https://github.com/grails-plugins/grails-spring-security-core/issues/177
As a work-around I would recommend you below mentioned steps.
In your UrlMappings.groovy make modification:
"500"(controller: "error", action: "denied")
In your Config.groovy file override errorPage property
grails.plugin.springsecurity.adh.errorPage = null
And add action in your controller:
def denied() {
render(view: '/login/denied')
}
This works for me.