Grails Spring Security: redirect after login success/failure
I'm using version 1.2 of the Spring Security plugin in a Grails application. I want login attempts to be handled in the following way:
Success
- if the login was triggered by an attempt to access a protected page, send them to that page
- if the user logged in "directly" redirect them back to the home page
Failure
- Send them to a "try again" login page and populate the form thereon with the invalid login details they entered (except for the password fields). This "try again" login page is not the same page that they use to login the first time
I've had a look at the Events section of the plugin's manual, which seems to cover this ground. However there doesn't seem to be any way to redirect a user within these event handlers.
Answer
You're basically describing how it currently works except for re-displaying login details, which is straightforward.
When you click a secured link and aren't logged in, a SavedRequest is stored in the session to keep track of where you were trying to go. After a successful login, this object is inspected and the redirect is built from it. If you go directly to the login page there's no saved info, so it redirects to a default location. By default it's the root of the app ('/') but it's configurable, e.g.
grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/home'
To get the previously entered login name to re-display, use the SPRING_SECURITY_LAST_USERNAME session key in auth.gsp:
<input type='text' class='text_' name='j_username' id='username'
value="${session['SPRING_SECURITY_LAST_USERNAME']}" />