Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: Grails-Acegi 0.4
- Component/s: None
- Labels: None
- Environment: java version "1.5.0_11", grails-1.0.3, acegi-0.3

Description
I battled a bit to get a custom error page to show for 403 errors.
I started with setting errorPage in grails-app/conf/SecurityConfig.groovy, but this didn't do much.
I then had a brief meddle about with grails-app/conf/UrlMappings.groovy to no avail.
I finally figured out that the LoginController has a denied() method which issues a redirect to "/",
instead of looking up the customised value in SecurityConfig.groovy.
The documentation, http://www.grails.org/AcegiSecurity+Plugin+-+Customizing+with+SecurityConfig,
states that the default value for errorPage is '/login/denied', which is incorrect, although a default page like this would be useful if provided.
The above documentation is easier to read on the codehaus confluence wiki, which interprets the vertical bars as table cells: http://docs.codehaus.org/display/GRAILS/AcegiSecurity+Plugin+-+Customizing+with+SecurityConfig.
I changed it to show the views/login/denied.gsp page (per convention - if IS_AUTHENTICATED_FULLY isn't in play it defaults to viewing the GSP with the name of the method) instead of redirecting to '/'. If you need to change it from login/denied, you could always do that in SecurityConfig.groovy.