Closed long-tran closed 5 years ago
Thanks a lot, long-tran You just save my day. Yesterday I spent full day figuring out and then fighting these "405 - Method Not Allowed" errors after upgrade spring-security-core plugin to to 2.0-RC2 version.
+1 for a developer's day being saved. We use blue-green deployments but form POSTs were not working after restart and often user data was lost.
I had a problem after redefining the filterChain, so I decided to redefine the rememberMeAuthenticationFilter in resources.groovy and not set the authenticationSuccessHandler, which has the effect of terminating and redirecting the request after a remember-me authentication:
rememberMeAuthenticationFilter(GrailsRememberMeAuthenticationFilter,
ref('authenticationManager'), ref('rememberMeServices'), ref('requestCache')) {
createSessionOnSuccess = SpringSecurityUtils.securityConfig.rememberMe.createSessionOnSuccess // true
}
@long-tran is this still an issue in the 3.2.x version of the plugin?
If so, would you be so kind as to attach or link to an app which duplicates the problem?
With the plugin version 2.0-RCX, I noticed that after everytime I restart my Grails app, my first POST/PUT/DELETE request (with valid remember me cookies) will be automatically redirected to the same URI, thus, changing the method to GET (redirect behavior) and removed all my POSTED json data, causing a lot of problem.
Is this something to do with the SavedRequest feature or something? I had to fall back to the previous remember me filter by: 1 . Define new filter in resources.groovy file:
myOldRememberMeAuthenticationFilter(org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter) {
authenticationManager = ref('authenticationManager')
rememberMeServices = ref('rememberMeServices')
}
2 . Redefine filterChain in Config.groovy (to remove the new GrailsRememberMeAuthenticationFilter):
grails.plugin.springsecurity.filterChain.filterNames = [
'securityContextPersistenceFilter', 'logoutFilter',
'authenticationProcessingFilter', 'myOldRememberMeAuthenticationFilter',
'anonymousAuthenticationFilter',
'exceptionTranslationFilter', 'filterInvocationInterceptor'
]
Hope someone have a new solution for this.