
Login Security in grails

 
Patil Niteen
Ranch Hand
Posts: 48
Hi,
I am trying to implement security in an application using GRAILS. I am checking the username and password entered by the user with the database stored data. For a valid user, access is given to a particular portal. The problem is that the user can access the pages after logging out of the application. The user can use the "back" button of the browser and can access the recently visited pages in a particular login. I downloaded the plug-in and made the changes in the Config.groovy file. But still the security feature doesn't work and the user can access the application after logging out.

plug-in: http://grails.org/plugin/cache-headers


Changed the Config.groovy

// Prevent any client side caching for now

cache.headers.enabled = false


Also, I tried to set cache false in the method which is called for a particular page.

Still could not restrict the user viewing the pages of a particular login using back button after logout.



Thanks,
Nitin.

 
Patil Niteen
Ranch Hand
Posts: 48
Hi,

I haven't received any answer till now. Should I shift the question under "Java in General" section?

Thanks,
Nitin.
 
Campbell Ritchie
Sheriff
Posts: 48967
Patil Niteen wrote:. . . Should I shift the question under "Java in General" section? . . .
No. Please don't ask the same question twice.

It may be that nobody knows the answer, but I can try moving you to the security forum.
 
Patil Niteen
Ranch Hand
Posts: 48
Campbell Ritchie wrote:
Patil Niteen wrote:. . . Should I shift the question under "Java in General" section? . . .
No. Please don't ask the same question twice.

It may be that nobody knows the answer, but I can try moving you to the security forum.


Thanks, Campbell.

In general, what I need is to restrict the user from viewing the contents after log-out using the explorer "Back" button. For example, the one which is implemented in GMAIL.

Are there any settings to be made in the GRAILS framework for this to work? Or is there any other way through which this can be done?

Thanks,
Nitin.
 
Peter Ledbrook
author
Greenhorn
Posts: 25
GMail manages this because it's AJAX-based and handles the history itself. If you're not using AJAX, then I don't think there's any way to prevent the browser from caching the page. Why is it a problem if the user can see the cached page after pressing back?
 
Patil Niteen
Ranch Hand
Posts: 48
Hi Peter,


Yes. This is required for security reasons. It may happen that the user logs out and leaves the page as it is. No other person should be able to view the details of this user using the BACK button. There may be some confidential information being displayed.

Thanks,
Nitin.
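
For the requirement described in this thread, an added example (not code from any poster or from the cache-headers plugin): a Grails filter that marks every response as non-storable and re-checks the session on each request, together with a logout action that invalidates the session. The class names, the `login` controller and the `session.user` attribute are assumptions.

```groovy
// grails-app/conf/SecurityFilters.groovy (hypothetical file and class name)
class SecurityFilters {

    def filters = {
        // Runs before every controller action in the application.
        protectedPages(controller: '*', action: '*') {
            before = {
                // Tell the browser and any proxy not to keep a copy of the
                // response, so Back has no stored page to redisplay.
                response.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate')
                response.setHeader('Pragma', 'no-cache')   // HTTP/1.0 clients
                response.setDateHeader('Expires', 0)       // already expired

                // The login controller must stay reachable without a session.
                if (controllerName == 'login') {
                    return true
                }

                // Assumption: the login action stores the user in session.user.
                if (!session.user) {
                    redirect(controller: 'login', action: 'index')
                    return false   // stop here: the protected action never runs
                }
                return true
            }
        }
    }
}

// grails-app/controllers/LoginController.groovy (hypothetical)
class LoginController {

    def index = { /* renders the login form view */ }

    def logout = {
        // Destroy the server-side session so a re-requested page
        // fails the check in the filter above.
        session.invalidate()
        redirect(action: 'index')
    }
}
```

The headers only stop the page from being stored; the session check is what denies access when the page is requested again after logout.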
 