
Login Security in grails

 
Ranch Hand
Hi,
I am trying to implement security in an application using GRAILS. I am checking the username and password entered by the user with the database stored data. For a valid user, access is given to a particular portal. The problem is that the user can access the pages after logging out of the application. The user can use the "Back" button of the browser and can access the recently visited pages in a particular login. I downloaded the plug-in and made the changes in the Config.groovy file. But still the security feature doesn't work and the user can access the application after logging out.

plug-in: http://grails.org/plugin/cache-headers


Changed the Config.groovy

// Prevent any client side caching for now

cache.headers.enabled = false


Also, I tried to set cache false in the method which is called for a particular page.

Still could not restrict the user viewing the pages of a particular login using the Back button after logout.



Thanks,
Nitin.

 
Patil Niteen
Ranch Hand
Hi,

I haven't received any answer till now. Should I shift the question under "Java in General" section?

Thanks,
Nitin.
 
Marshal

Patil Niteen wrote:. . . Should I shift the question under "Java in General" section? . . .

No. Please don't ask the same question twice.

It may be that nobody knows the answer, but I can try moving you to the security forum.
 
Patil Niteen
Ranch Hand

Campbell Ritchie wrote:

Patil Niteen wrote:. . . Should I shift the question under "Java in General" section? . . .

No. Please don't ask the same question twice.

It may be that nobody knows the answer, but I can try moving you to the security forum.



Thanks, Campbell.

In general, what I need is to restrict the user from viewing the contents after log-out using the explorer "Back" button. For example, the one which is implemented in GMAIL.

Are there any settings to be made in the GRAILS framework for this to work? Or is there any other way through which this can be done?

Thanks,
Nitin.
 
author
GMail manages this because it's AJAX-based and handles the history itself. If you're not using AJAX, then I don't think there's any way to prevent the browser from caching the page. Why is it a problem if the user can see the cached page after pressing back?
 
Patil Niteen
Ranch Hand
Hi Peter,


Yes. This is required for security reasons. It may happen that the user logs out and leaves the page as it is. No other person should be able to view the details of this user using the BACK button. There may be some confidential information being displayed.

Thanks,
Nitin.
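
One way to approach the requirement discussed in this thread, added here as an example and not code from any poster or from the cache-headers plugin: send `Cache-Control: no-store` on every protected response so the browser has to re-request the page on Back, and check the session on the server so that re-request is redirected after logout. It assumes Grails 1.x/2.x filters, a `login` controller, and that the application stores the authenticated user in `session.user`; the file, class and filter names are hypothetical.

```groovy
// grails-app/conf/SessionGuardFilters.groovy  (hypothetical file and class name)
// Assumptions: Grails 1.x/2.x filters, a 'login' controller, and a login
// action that stores the authenticated user under session.user.
class SessionGuardFilters {

    def filters = {
        // invert: true applies the filter to every controller EXCEPT 'login'.
        protectedPages(controller: 'login', invert: true) {
            before = {
                // Ask the browser and intermediaries not to store the response,
                // so pressing Back causes a new request instead of a cached view.
                response.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate')
                response.setHeader('Pragma', 'no-cache')   // for HTTP/1.0 clients
                response.setDateHeader('Expires', 0)

                // Server-side check: once the session has been invalidated at
                // logout, session.user is gone and the request is sent to login.
                if (!session.user) {
                    redirect(controller: 'login', action: 'index')
                    return false   // do not run the requested action
                }
                return true
            }
        }
    }
}

// grails-app/controllers/LoginController.groovy  (logout action only)
class LoginController {

    def logout = {
        // Destroy the server-side session; clearing only a client-side flag
        // would leave the old session usable.
        session.invalidate()
        redirect(action: 'index')
    }
}
```

The headers only control what the browser keeps; the session check in the filter is what actually denies access once the user has logged out.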
 