tags:

views:

449

answers:

3
+2  Q: 

Grails Security Problem and Search Engine optimization

I'm trying to build a control logic that depends on the current gsp page to call an action, is there a tag or a session method that i can use to identify the current gsp page

I want to restrict access to all GSPs except singup and login, so if a user open any other gsp he will be redirected to signup page and he will also be able to navigate to the login page.

The logic i am trying to implement is like this if current_Page is login.gsp or singup.gsp then do nothing else redirect to signup //where user can navigate to login page with no problems too

And i want to add this logic in the main layout so it gets implemented across all the application domain.

I'm wondering if there is an alternative way of doing this using RequestmapController or UrlMappings?

Anyone with experience in springMVC will be able to help as Grails is built on top SpringMVC, which in turn is built on top of the standard servlet framework!

Note: I'm using Acegi Plugin

Remark: How can the application be SEO-friendly(i.e. Google indexing) with this type of security mechanism implemented?

+1  A: 

You need the Spring security plugin. The best way to do this is not within your GSPs but using a filter on all the web requests. That'll give you the Requestmaps and UrlMappings GrailsNewbie mentioned.

John Stoneham  2009-05-19 01:59:05
Hi, I'm using the acegi plugin, how can I implement that filter so if the user is not signed-in he will only be able to browser to the signup.gsp and login.gsp?
tranced_UT3  2009-05-19 10:24:33
+3  A: 

You should read this: link text

And the tutorial using ACEGI plugin: link text

The latter is the way I would go. It allows you to setup roles and secure "pages" and URLs by role. It also includes a way to create users and assign them to roles.

To install the ACEGI grails plugin, do a: grails install-plugin acegi

tegbains  2009-05-19 06:52:07
I am already using acegi!!! I just don't know how to make a filter that can do the job right!
tranced_UT3  2009-05-19 14:34:43
What I would do is make your roles for the levels of access you want, and then make Requestmap entries for ALL of your URLs, EXCEPT for your registration and login controllers (ACEGI provides both features as optional controllers/views). So if you if you apply a Requestmap to say a controller called TosecureController, it should have a URL of /tosecure in your grails app. In the Requestmap create one for /tosecure/** and it will be secured by the login ACEGI controller/view (I'm paraphrasing)
tegbains  2009-05-19 21:43:01
Easy way - make a general requestmap that matches EVERYTHING and have it require the 'user' role. Then, the things you want to be accessible to anonymous, override for them.
John Stoneham  2009-05-20 04:45:46
+3  A: 

Edit: Sorry, I misunderstood your question. I thought you were looking for an alternative to Requestmaps. That is why I originally suggested securing the controllers with annotations.

If you want to use Requestmaps you could do the following:

  1. Create a new Requestmap that looks like this:
    URL pattern = /login/**
    Role = IS_AUTHENTICATED_ANONYMOUSLY

  2. To restrict access to the rest of the site create another requestmap entry which matches all the urls:
    URL pattern = /*/**
    Role = ROLE_USER (you could use any other role you like)

IS_AUTHENTICATED_ANONYMOUSLY means that anyone can access the matched URLs.The first rule is more specific and therefore should overwrite the second and more general rule.

You can look at AcegiSecurity Plugin - Securing URLs for more information.

Regarding the site's SEO. AFAIK search engines cannot access sites that need authentication. That is why sites like Experts Exchange use sly tricks to get indexed by Google.

You could choose to give anonymous users read access while requiring a login for writing (like SO does). This would allow your site to be indexed by search engine bots.

I hope this helps!

Heinrich Filter  2009-05-19 08:02:39

related questions

How do I get at the goodies in my Grails Config.groovy at runtime?
Running a web app in Grails vs Django
Adding a method to a domain class
Getting Groovy's Grape Going!!!
Groovy question: "except" syntax?
What does it mean for a programming language to be "on rails"?
Groovy parsing JSON vs XML
Parsing XML with multi-line records
How do I redirect a file download using Grails?
Create grails war without version number
What needs checking in for a Grails app?
Grails - Acegi: Customize Authentication Method
J2EE and Grails: Communication with WebServices? Which framework?
Grails 1.0.3 console reports 'premature end of file'
Grails with YUI table example
grails plugin for eclipse and netbeans 6.1
error while using groovy.sql Out parameter.
Rails books?
Rails or Grails?
Is anyone developing facebook apps on Grails
How do I increase the number of default rows per page?
How to check if element in groovy array/hash/collection/list?
How do you access two databases in Grails
How do you change the default homepage in a Grails application?
Learning Ruby on Rails any good for Grails?