
Grails - auto login in spring security

Consider a typical web application where you have multiple user roles (like SUPER_ADMIN, OPERATOR, VISITOR, etc.) and you need to log in and switch between them frequently. Doing this manually consumes a lot of time. One simple solution would be to use the browser's password-remembering feature, but that is not useful when you need to switch between different roles.

Here, I am going to show how we can set up this mechanism in Grails applications that use the Spring Security plugin.

If you are using the Spring Security plugin, the HTML text boxes for the username and password are named j_username and j_password by default, and the login request URL is http://localhost:8080/YOUR_APP/j_spring_security_check .

The required login script:

It submits the login form using hidden fields. Replace YOUR_APP with the name of your app.
        <script>
        function doLogin(username, password) {
            var path = 'http://localhost:8080/YOUR_APP/j_spring_security_check';
            var params = {'j_username': username, 'j_password': password};
            var form = document.createElement("form");
            form.setAttribute("method", "POST");
            form.setAttribute("action", path);
            // set params into hidden fields and submit
            for (var key in params) {
                var hiddenField = document.createElement("input");
                hiddenField.setAttribute("type", "hidden");
                hiddenField.setAttribute("name", key);
                hiddenField.setAttribute("value", params[key]);
                form.appendChild(hiddenField);
            }
            document.body.appendChild(form);
            form.submit();
        }
        </script>
Now use the script like this:
    <button onClick="doLogin('user1', 'password')">Login-User1</button>
    <button onClick="doLogin('admin1', '123456')">Login-Admin1</button>
    ...for any required roles

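Detecting the production environment:

Because the buttons embed plaintext credentials in the page source, this feature must not be available in the production environment, so we wrap it in the following check. The test compares against grails.util.Environment because env is not one of GSP's implicit objects; a bare env would have to be supplied in the model, and if it is missing the comparison is always true.
<g:if test="${grails.util.Environment.current != grails.util.Environment.PRODUCTION}">
//login code
</g:if>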

The full code (we can put this in layout/main.gsp so that it appears on all pages):
<body>
    <%-- development/test only: this block must never render in production --%>
    <g:if test="${grails.util.Environment.current != grails.util.Environment.PRODUCTION}">
        <script>
        function doLogin(username, password) {
            var path = 'http://localhost:8080/YOUR_APP/j_spring_security_check';
            var params = {'j_username': username, 'j_password': password};
            var form = document.createElement("form");
            form.setAttribute("method", "POST");
            form.setAttribute("action", path);
            // set params into hidden fields and submit
            for (var key in params) {
                var hiddenField = document.createElement("input");
                hiddenField.setAttribute("type", "hidden");
                hiddenField.setAttribute("name", key);
                hiddenField.setAttribute("value", params[key]);
                form.appendChild(hiddenField);
            }
            document.body.appendChild(form);
            form.submit();
        }
        </script>
    <button onClick="doLogin('operator1', '123456')">Login-Operator1</button>
    <button onClick="doLogin('operator2', '123456')">Login-Operator2</button>
    </g:if>
    ...
    ...
    ...rest of the layout code
</body>
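
As an added example (not part of the original post), here is a check that can be run over the rendered HTML of a deployed page to confirm that the auto-login block did not get past the environment guard. The function names and both sample pages are constructed for illustration.

```javascript
// Added example: findAutoLoginLeaks and both sample pages are constructed here.
// Scans rendered HTML for leftovers of the dev-only auto-login block.
function decodeQuotes(html) {
  // Inline handlers may arrive entity-encoded, e.g. doLogin(&#39;user1&#39;, ...)
  return html.replace(/&#0*39;|&apos;/g, "'").replace(/&quot;|&#0*34;/g, '"');
}

function findAutoLoginLeaks(html) {
  const text = decodeQuotes(html);
  const findings = [];
  // Calls with two string literals: doLogin('user', 'password')
  const callRe = /doLogin\(\s*(['"])(.*?)\1\s*,\s*(['"])(.*?)\3\s*\)/g;
  for (const m of text.matchAll(callRe)) {
    // Record the username only, so passwords do not end up in CI logs.
    findings.push({ type: 'hardcoded-credentials', username: m[2] });
  }
  // The helper itself should not be shipped either.
  if (/function\s+doLogin\s*\(/.test(text)) {
    findings.push({ type: 'login-helper-present' });
  }
  return findings;
}

// Constructed sample: what main.gsp renders when the <g:if> guard passes.
const devPage = `<body>
<script>function doLogin(username, password){ /* ... */ }</script>
<button onClick="doLogin('operator1', '123456')">Login-Operator1</button>
<button onClick="doLogin(&#39;operator2&#39;, &#39;123456&#39;)">Login-Operator2</button>
</body>`;

// Constructed sample: the same layout with the guarded block omitted.
const prodPage = `<body><h1>Welcome</h1></body>`;

console.log(findAutoLoginLeaks(devPage));
console.log(findAutoLoginLeaks(prodPage));
```

A non-empty result for a page served by the production build means the guard evaluated to true there and the test credentials are exposed in the page source.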
    
Source : Speed up your Grails / Spring Security Development with an Auto Login Bookmarklet

