Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Labels:
      None
    • Environment:
      Grails 2.0.0

      Activity

      Simone added a comment -

      complete application with problem

      Simone added a comment -

      Any news about this bug ?

      Simone added a comment -

      No news ?

      Alexandre Michetti Manduca added a comment - - edited

      I have the same issue... My code is something like this:

       
      @Secured(['SOME_ROLE'])
      def list() {
        ...
        withFormat {
          html {
            ...
          }
          json {
            ...
          }
        }
      }
      

      Trying to access .../<controller>/list redirects me to the login page, but I'm not redirected accessing .../<controller>/list.json

      I'm using:
      Grails 2.0.4
      Spring Security Core 1.2.7.3

      Germán Sancho added a comment -

      Hello,

      Same problem here. Even though this can be bypassed by setting grails.mime.file.extensions = false in Config.groovy (see http://stackoverflow.com/a/8592479), this is a severe problem that should be corrected. It should be at least clearly explained in the plugin documentation.

      I just realized that all the parts of my application that (I thought) were secured this way were in fact exposed to anybody adding a '.xml' at the end of the URL. Including such delicate things as the /console URL of the console plugin...

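A simplified model of the mismatch reported in this thread, added as an example (it is not the plugin's code or any commenter's). It assumes the security filter matches the raw request path while the framework drops a known format extension before choosing the action, and compares that with disabling extension parsing and with matching on the normalized path. The `/book` controller, the extension set and all function names are constructed for illustration.

```python
# Simplified model (assumption): the security filter matches the raw request
# path against rules derived from @Secured, while the framework strips a
# known format extension before picking the controller action.
import posixpath

FORMAT_EXTENSIONS = {"html", "json", "xml"}    # constructed sample set
SECURED_ACTIONS = {"/book/list": "SOME_ROLE"}  # constructed path; role name from the thread


def dispatch_target(path, file_extensions=True):
    """Action the framework would run: the format extension is dropped when enabled."""
    base, ext = posixpath.splitext(path)
    if file_extensions and ext[1:] in FORMAT_EXTENSIONS:
        return base
    return path


def required_role(path, normalize=False, file_extensions=True):
    """Role the filter demands; normalize=True matches on the dispatch target instead."""
    key = dispatch_target(path, file_extensions) if normalize else path
    for rule, role in SECURED_ACTIONS.items():
        if key == rule or key.startswith(rule + "/"):
            return role
    return None


def handle(path, roles=(), normalize=False, file_extensions=True):
    """Response a caller holding `roles` gets for this path in the model."""
    role = required_role(path, normalize, file_extensions)
    if role and role not in roles:
        return "302 login"
    target = dispatch_target(path, file_extensions)
    return "200 " + target if target in SECURED_ACTIONS else "404"


def audit(paths, **settings):
    """Regression check: secured actions an anonymous caller still reaches."""
    return [p for p in paths if handle(p, **settings).startswith("200")]


PROBES = ["/book/list", "/book/list.json", "/book/list.xml"]  # constructed

if __name__ == "__main__":
    print("extensions on, raw-path match:", audit(PROBES))
    print("extensions off:", audit(PROBES, file_extensions=False))
    print("match on normalized path:", audit(PROBES, normalize=True))
```

The same `audit` idea works as an integration test against a real application: every secured URL should give an unauthenticated client the same login redirect with and without a format extension appended.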

        People

        • Assignee:
          Burt Beckwith
          Reporter:
          Simone
        • Votes:
          4
          Watchers:
          5
