Grails spring security ui login strange redirect sometimes
Good day,
I am working on an application in Grails where I am trying to use spring security core and ui. Specifically, I used s2ui-override to override user, role, auth and layout.
This usually works. Now I am facing a very strange problem and I cannot fix it.
When I click on the login link to my home page, I am taken to the s2ui login page as expected. When I fill in the known credentials and click the login button, I get the message "Sorry, you are not authorized to view this page"; while the url displayed in the Firefox URL bar is
http://localhost:8080/galaxy/plugins/jquery-ui-1.10.3/jquery-ui/themes/ui-lightness/jquery-ui-1.10.3.custom.css
I had this behavior before, but (I thought I had) fixed it by adding the following two lines to grails.plugin.springsecurity.controllerAnnotations.staticRules in my Config.groovy
'/login/**': ['permitAll'],
'/logout/**': ['permitAll']
The weird part of this is that if I click back in the browser, I return to the s2ui login bar (fields are empty); if I fill them in again (same user) and hit the login button, this time I am redirected to the home page as expected.
This behavior, as far as I can see, is consistent, i.e. it works a second time every time.
source to share
I'm pretty sure this is because the redirected resource is being blocked by the Spring Security plugin requesting a login and returning to the requesting asset.
Double check that grails.plugin.springsecurity.controllerAnnotations.staticRules contains the correct entry to match the provided / requested resource.
Config.groovy:
grails.plugin.springsecurity.controllerAnnotations.staticRules =[
'/plugins/**':['permitAll']
The root cause of this is probably due to the Spring Security UI not plugin (yet?) Using the Asset Pipeline, which is now the default.
source to share