
How to allow CKEditor to upload images in Grails when using Spring Security

I have a Grails app that uses the Spring Security plugin and is using grails.plugin.springsecurity.controllerAnnotations.staticRules for security rules.

Part of the application is a basic knowledgebase that has just a title and details. The details section uses the CKEditor plugin, which works for text, links and general formatting without problem, but I cannot get the image upload and browse functions to work. I get "Sorry, you're not authorized to view this page." whenever I try to either upload or browse the server to look for images.

I have the upload directory set as the default /uploads/ and my CKEditor config looks like this:

ckeditor {
  config = "/js/myckconfig.js"
  skipAllowedItemsCheck = false
  defaultFileBrowser = "ofm"
  upload {
    basedir = "/uploads/"
    overwrite = false
    link {
      browser = true
      upload = true
      allowed = []
      denied = ['html', 'htm', 'php', 'php2', 'php3', 'php4', 'php5',
                'phtml', 'pwml', 'inc', 'asp', 'aspx', 'ascx', 'jsp',
                'cfm', 'cfc', 'pl', 'bat', 'exe', 'com', 'dll', 'vbs', 'js', 'reg',
                'cgi', 'htaccess', 'asis', 'sh', 'shtml', 'shtm', 'phtm']
    }
    image {
      browser = true
      upload = true
      allowed = ['jpg', 'gif', 'jpeg', 'png']
      denied = []
    }
    flash {
      browser = false
      upload = false
      allowed = ['swf']
      denied = []
    }
  }
}

I'm presuming it is Spring Security that is blocking the access so I have tried adding the /uploads/ directory to the static rules in Config.groovy so that that section looks like this

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
  '/':                              ['permitAll'],
  '/index':                         ['permitAll'],
  '/index.gsp':                     ['permitAll'],
  '/assets/**':                     ['permitAll'],
  '/**/js/**':                      ['permitAll'],
  '/**/css/**':                     ['permitAll'],
  '/**/images/**':                  ['permitAll'],
  '/**/favicon.ico':                ['permitAll'],
  '/**/jasper/**':                  ['permitAll'],
  '/jasper/**':                     ['permitAll'],
  '/**/uploads/**':                 ['permitAll'],
  '**/ck/ofm/filemanager/**':       ['permitAll'],
  '**/ck/ofm/filetree/**':          ['permitAll'],
  '/**/reports/**':                 ['permitAll']
]

I have tried every variation of /uploads/ and /**/uploads/ that I can think of.

I cannot access the uploads directory or a test image inside it directly via a URL, but I can when I do that for the /images/ directory. For that reason, I have tried setting the uploads directory to be the /images/ directory and I still get the same access denied.

I have searched for the answer and the closest post I've seen is this one but it is a different issue to mine and does not give a solution.

I was experiencing the same issue. Try adding this url to your list:

'/ck/**': ['permitAll']

(Actually I wouldn't recommend allowing full access to this url, unless you want anyone to be able to access CKEditor functions).
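As an added example (not part of the original answer), here is the same rule with the open setting beside a restricted one, so the CKEditor endpoints stop returning "not authorized" for editors without being exposed to anonymous visitors. The role name ROLE_KB_EDITOR is hypothetical; substitute a role that exists in your application.

```groovy
// Config.groovy, Spring Security Core plugin with staticRules as in the question.
// Added illustration; ROLE_KB_EDITOR is an assumed role name, not from the post.
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
  // The static-resource entries from the question's map stay as they are.
  '/assets/**':  ['permitAll'],
  '/**/js/**':   ['permitAll'],
  '/**/css/**':  ['permitAll'],

  // Open setting from the answer: every CKEditor plugin URL under /ck/,
  // including the file manager used for upload and browse, is reachable
  // without logging in.
  // '/ck/**':   ['permitAll'],

  // Restricted setting: the same URLs, but only for logged-in users that
  // hold the editor role.
  '/ck/**':      ['ROLE_KB_EDITOR']

  // Alternative if any logged-in user may edit, but a remember-me cookie
  // alone should not be enough to upload:
  // '/ck/**':   ['isFullyAuthenticated()']
]
```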

I think it's a problem with the POST request you are making when you try to upload the image.

configUrl in ofm.gsp is passing type and viewMode as null; because of that, the file is not getting uploaded to the corresponding folder.

configUrl="/YourApp/ck/ofm/config?fileConnector=/YourApp/ck/ofm/filemanager&type=Image&viewMode=grid";
