Android App Authentication through Grails spring-security-core

Question

I have a grails-app running on:

http:localhost:8080/myapp

with authentication by ajax POST at:

http:localhost:8080/myapp/j_spring_security_check

I'm trying to authenticate from an Android app posting the same ajax request at the same address, authentication seems allright but server send to android app a "redirect" after login, here's my question: ho to avoid redirection on the android app and how to access in the android app to current user properties ?

Thanks by advance for any tips!

Answer 1

You can check if the request is an ajaxrequest by using:

springSecurityService.isAjax(request)

I decided to write my own ajaxSubmit controller action, because i had some trouble with the redirection issue as well. I did this purely for proof of concept, so the example might not be the neatest out there.

def ajaxSubmit = {
    if(!springSecurityService.isAjax(request)) {
        redirect action: "authfail"
        return
    }

    def token = new UsernamePasswordAuthenticationToken(params.j_username, params.j_password)
    try {
        UserDetails userDetails = userDetailsService.loadUserByUsername(params.j_username)
        token.setDetails( userDetails )
    } catch (UsernameNotFoundException unfe) {
        request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, unfe)
        redirect action: "authfail"
        return
    }

    try {
        def authSession = authenticationManager.authenticate(token)
        SCH.getContext().setAuthentication(authSession)
        redirect action: "ajaxSuccess"
        return
    } catch (AuthenticationException ae) {
        request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, ae)
        redirect action: "authfail"
        return
    }
}