search

jeffwils / grails-spring-security-saml

Grails Spring Security SAML2.0 Plugin for Grails 3
8 stars 25 forks source link

defaultFailureUrl should be configurable #52

Closed jnunderwood closed 5 years ago

jnunderwood commented 5 years ago

The method authenticationFailureHandler() in the file SpringSecuritySamlGrailsPlugin.groovy has a hard-coded value for defaultFailureUrl. It references a log4J controller(?) that does not exist in the project, causing login failures to further fail in an unexpected way. It should have a more reasonable default value, such as conf.failureHandler.defaultFailureUrl.

SpringSecuritySamlGrailsPlugin.groovy:

authenticationFailureHandler(AjaxAwareAuthenticationFailureHandler) {
    redirectStrategy = ref('redirectStrategy')
    defaultFailureUrl = '/log4J/logging' //conf.failureHandler.defaultFailureUrl //'/login/authfail?login_error=1'
    useForward = conf.failureHandler.useForward // false
    ajaxAuthenticationFailureUrl = conf.failureHandler.ajaxAuthFailUrl // '/login/authfail?ajax=true'
    exceptionMappings = conf.failureHandler.exceptionMappings // [:]
}
valentingoebel commented 5 years ago

This change has already been merged in the past into the develop branch (See SpringSecuritySamlGrailsPlugin.groovy) and will be available in the next release.

irstevenson commented 5 years ago

Noting @jnunderwood 's thumbs up and that it's planned for next release (hopefully soon), so closing ticket.