Search code examples
springgrailsspring-security

Grails 3 Spring Security override login form

I've found a few things from spring documentation that you can override the login controller and form. I just want to override the login form itself while keeping the default controller. I found this:

In the grails security plugin, the login gsp page is located at grails-app/views/login/auth.gsp and the controller at grails-app/controllers/grails/plugin/springsecurity/LoginController.groovy. I don't think the controller can be overwritten by simply creating your own implementation, but you should be able to override the gsp page by placing your own auth.gsp in the same path shown above, in your app.

https://plus.google.com/117486613280979732172/posts/cvqcfAQVWE6

However, this is just not working to override the page and the default page keeps coming up. Has anyone done this with Grails 3 and spring security libraries?

EDIT: I'm using OAuth2 by using these libraries and setting up my own beans. I think the other way might be to use grails plugins for spring security. Is there a way to override the login page using these libraries?

compile "org.springframework.boot:spring-boot-starter-security"
compile "org.springframework.security.oauth:spring-security-oauth2:2.0.8.RELEASE"
Solution

  • Ok, since I'm not using the grails spring security plugin, I needed to replace the login page by the guidance here: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/form.html

    Essentially, I had to create a LoginController

    class LoginController {
def auth() {

}

def error() {

}

    Then, I placed the views in the respective paths: views/login/auth, views/login/error

    Here is a sample auth.gsp

    <html>
<body>
<h1 id="banner">Login to Security Demo</h1>
<form name="f" action="/login/auth"
      method="POST">
    <table>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password'></td>
        </tr>
        <tr>
            <td colspan="2">&nbsp;</td>
        </tr>
        <tr>
            <td colspan='2'><input name="submit" type="submit">&nbsp;<input name="reset" type="reset"></td>
        </tr>
    </table>
    <input type="hidden"
           name="${_csrf.parameterName}"
           value="${_csrf.token}"/>
</form>
</body>
</html>

    Then in configuration of the HttpSecurity:

        @Override
public void configure(HttpSecurity http) {
    http
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .formLogin()
            .loginPage('/login/auth')
            .defaultSuccessUrl("/")
            .failureUrl("/login/error")
            .usernameParameter("username").passwordParameter("password")
            .permitAll()
}

    It would be nice to use the grails security plugin but I couldn't figure out how to use OAuth2 with it. If anyone has guidance on that, I'd change my accepted answer.