I am using spring security plugin for Grails. I can get LDAP authenticated and see authorization working as well. When authorization failed, I can see 'Sorry, you're not authorized to view this page'. Where did this error come from?
My SecureController code is the following.
package com.testapp
import grails.plugin.springsecurity.annotation.Secured
import org.springframework.web.context.request.RequestContextHolder
class SecureController {
@Secured(['ROLE_USER'])
def showUser() {
def msg = ' ROLE_USER users see this'
render view: 'enter', model: [msg: msg]
}
@Secured(['ROLE_ADMIN'])
def showAdmin() {
def msg = ' ROLE_ADMIN users see this'
render view: 'enter', model: [msg: msg]
}
}
That page is the denied.gsp view/page from within the Spring security core plugin. This view is shown when access to the requested resource is denied (e.g. fails @Secured
check).
If you want to replace it with your own view, create a new view/page grails-app/views/login/denied.gsp
.