MissingPropertyException on Spring Security authentication failure

[MichaelMorett]

Relevant plugins: runtime ':profiler:0.5-SNAPSHOT' runtime ':miniprofiler:0.2' compile ":spring-security-core:1.2.7.3" compile ":spring-security-ldap:1.0.6"

Entered the wrong password and instead of being redirected(?) to the login page with a flash message telling me that the username/password combination is invalid, I received this exception:

groovy.lang.MissingPropertyException: g at ProfilerGrailsPlugin$_processController_closure4.doCall(ProfilerGrailsPlugin.groovy:171) at LoginController$_closure6.doCall(LoginController.groovy:108) at com.linkedin.grails.profiler.ProfilerFilter.doFilterInternal(ProfilerFilter.java:82) at com.energizedwork.miniprofiler.MiniProfilerFilter.doFilterInternal(MiniProfilerFilter.java:37) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) at java.lang.Thread.run(Thread.java:680)

More info:

Error 500: Internal Server Error

URI /assetManagement/login/authfail Class groovy.lang.MissingPropertyException Message g

Around line 108 of grails-app/controllers/LoginController.groovy

105: msg = g.message(code: "springSecurity.errors.login.locked")106: }107: else {108: msg = g.message(code: "springSecurity.errors.login.fail")109: }110: }111:

Around line 82 of ProfilerFilter.java

79: // Pass execution on to the next filter.80: ProfilerFilterResponse filterResponse = new ProfilerFilterResponse(response);81: try {82: filterChain.doFilter(request, filterResponse);83: }84: finally {85: // End time.

Around line 37 of MiniProfilerFilter.java

34: miniProfiler = profilerProvider.start(ProfileLevel.Info);35: httpServletResponse.addHeader("X-MiniProfiler-Ids", "[\"" + miniProfiler.getId().toString() + "\"]");36: }37: filterChain.doFilter(httpServletRequest, httpServletResponse);38: } finally {39: if(miniProfiler != null) {40: miniProfiler.stop();

[MichaelMorett]

Found something pretty big. Huge. Massive.

Even if I wrap the miniprofiler javascript tag as so...

  <g:if test="${Environment.current == Environment.DEVELOPMENT}">
    <miniprofiler:javascript/>
  </g:if>

...it will still produce the error described above on environments such as TEST and PROD.

This means, for all intents and purposes, that no one dare use this plugin on apps that require authentication via Spring Security Core (not sure if the LDAP part is related yet).

Let me rephrase that: you can still use this plugin, but you better be damn sure to disable it at the BuildConfig level before you deploy to PROD. That is immensely risky.

[tomdcc]

There's a config option grails.profiler.disable. Set it to true to disable both the profiler and miniprofiler plugins. Then nothing is running at all at runtime - nothing gets intercepted at all.

[tomdcc]

Obviously I need some docco :)

[MichaelMorett]

We meet again Tom. :-)

I didn't know about that option (read: I didn't read the docs too thoroughly). Thanks a bunch.

BTW...thanks to your plugin, I'm seeing that some of my views are heavy. Really heavy. This plugin is gold.

[tomdcc]

Great, that's exactly how I hoped it would be used (and how I needed to use it when I was dreaming about it existing lest year :) ).

Your LoginController is trying to call the g.message tag, and somehow the interceptor which is supposed to be intercepting action closures is getting it confused. I'll have a look, there may be a quick fix that I can sneak in to the profiler plugin before the next release. Strictly speaking this is a problem with the profiler plugin, but that doesn't matter, I'll see what can be done.

[tomdcc]

Hi Michael

Could you please try again with the latest 0.5-SNAPSHOT of the profiler plugin? If that works for you I'll release it as 0.5. Cheers, Tom

[MichaelMorett]

Hi Tom....I did. (I thought I mentioned that somewhere). It works perfectly with 0.5-SNAPSHOT. Great job.

[tomdcc]

OK, released as 0.5