Login Security in grails

Patil Niteen
Ranch Hand

Joined: Dec 10, 2009
Posts: 48

Hi,
I am trying to implement security in an application using GRAILS. I am checking the username and password entered by the user against the data stored in the database. For a valid user, access is given to a particular portal. The problem is that the user can access the pages after logging out of the application. The user can use the "back" button of the browser and can access the recently visited pages in a particular login. I downloaded the plug-in and made the changes in the Config.groovy file. But still the security feature doesn't work and the user can access the application after logging out.

plug-in: http://grails.org/plugin/cache-headers


Changed the Config.groovy

// Prevent any client side caching for now

cache.headers.enabled = false


Also, I tried to set cache false in the method which is called for a particular page.

Still could not restrict the user from viewing the pages of a particular login using the back button after logout.



Thanks,
Nitin.


SCJP 1.4, SCWCD 5
Patil Niteen
Ranch Hand

Joined: Dec 10, 2009
Posts: 48

Hi,

I haven't received any answer till now. Should I shift the question under "Java in General" section?

Thanks,
Nitin.
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38412
Patil Niteen wrote:. . . Should I shift the question under "Java in General" section? . . .
No. Please don't ask the same question twice.

It may be that nobody knows the answer, but I can try moving you to the security forum.
Patil Niteen
Ranch Hand

Joined: Dec 10, 2009
Posts: 48

Campbell Ritchie wrote:
Patil Niteen wrote:. . . Should I shift the question under "Java in General" section? . . .
No. Please don't ask the same question twice.

It may be that nobody knows the answer, but I can try moving you to the security forum.


Thanks, Campbell.

In general, what I need is to restrict the user from viewing the contents after log-out using the explorer "Back" button. For example, the one which is implemented in GMAIL.

Are there any settings to be made in the GRAILS framework for this to work? Or is there any other way through which this can be done?

Thanks,
Nitin.
Peter Ledbrook
author
Greenhorn

Joined: Jul 15, 2009
Posts: 25
GMail manages this because it's AJAX-based and handles the history itself. If you're not using AJAX, then I don't think there's any way to prevent the browser from caching the page. Why is it a problem if the user can see the cached page after pressing back?
Patil Niteen
Ranch Hand

Joined: Dec 10, 2009
Posts: 48

Hi Peter,


Yes. This is required for security reasons. It may happen that the user logs out and leaves the page as it is. No other person should be able to view the details of this user using the BACK button. There may be some confidential information being displayed.

Thanks,
Nitin.
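
Added example (not part of the thread and not any poster's code): one common way to handle the Back-button case discussed above in a Grails 1.x/2.x application is a filter that marks every response as non-storable and re-checks the session on each request. The session attribute `user`, the `login` controller and its `index`/`logout` actions are assumed names.

```groovy
// grails-app/conf/SecurityFilters.groovy
// Added example. Assumptions: a successful login stores the user in
// session.user, and a "login" controller serves the login form at "index".
class SecurityFilters {

    def filters = {
        protectedPages(controller: '*', action: '*') {
            before = {
                // Tell the browser and any proxy not to keep a copy of the page,
                // so Back after logout causes a new request instead of
                // redisplaying a stored copy.
                response.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate')
                response.setHeader('Pragma', 'no-cache')   // HTTP/1.0 clients
                response.setDateHeader('Expires', 0)

                // The login controller itself must stay reachable.
                if (controllerName == 'login') {
                    return true
                }

                // The new request lands here: with no logged-in user in the
                // session, the protected page is never rendered.
                if (!session.user) {
                    redirect(controller: 'login', action: 'index')
                    return false
                }
                return true
            }
        }
    }
}

// grails-app/controllers/LoginController.groovy (logout action only;
// the index action that renders the login form is assumed to exist)
class LoginController {
    def logout = {
        session.invalidate()      // drop the server-side login state
        redirect(action: 'index')
    }
}
```

The headers only stop the browser from keeping a copy; the session check is what denies access once the logout action has invalidated the session.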