grails-spring-security-core
Unusual redirect to ajaxSuccess
- Grails: 3.3.2
- grails-spring-security-core: 3.2.0
Steps to re-produce:
- Clone the repo: https://github.com/mamunsrdr/grails-sec-issue
- Change the MySQL DB config (db name, host, user, pass) in application.yml (doesn't work with H2, as a restart is needed)
- Run the application and log in using (U: super, P: pass) as stated in BootStrap
- After login -> landing on the dashboard, there are 3 cases, described as follows
Problems:
- Case 1: After login, if the user requests a URL that they are not authorized for, it should return 403; instead it gets redirected to ajaxSuccess.
- Case 2: If the user requests a URL which is not defined, it should return 404; instead it redirects to ajaxSuccess.
- Case 3: If the user is authorized with a remember-me cookie, after session timeout/server restart they should be able to request authorized URLs, but they get redirected to ajaxSuccess for the first call.
As case 3 is a bit tricky to reproduce, please follow:
- Run the app, then log in to the dashboard using remember me
- Stop the app
- Run the app again [do not refresh the page opened in step 1 / also do not initiate any request to the server other than step 4]; avoid launching the browser in IDEA
- Click on the case 4 link to load; the first call redirects to ajaxSuccess (this is the failed case)
- Click again and it loads the content