Question

I am using the spring-security-core plugin and I have created a custom denied.gsp page under /views/login/denied.gsp. If I go to the page directly via /login/denied, I can see that the layout was applied. However, if I attempt to access a restricted page and I am routed to the denied.gsp, it just renders the exact HTML without processing the layout.

<html><head>
        <title>Denied</title>
        <meta name="layout" content="main">
    </head>
    <body>
        <section class="breadcrumb p07">
            <p><a href="/">Home</a> Denied</p>
        </section>
        <section class="content">
            <p>Sorry, you're not authorized to view this page.</p>
        </section>

</body></html>

I have these set to false, so that everything is not locked down by default:

grails.plugin.springsecurity.rejectIfNoRule = false
grails.plugin.springsecurity.fii.rejectPublicInvocations = false

AdminController:

@Secured(['ROLE_ADMIN'])
class AdminController {

    def index() { 

    }
}

So for example, I am logged in as ROLE_USER and then go to /admin, it correctly denies me. Yet, it has no styling on the page.

There are no additional rules regarding css, js, etc.

I can't figure out why the styling is not applied in this case. Any ideas?

Solution

First, get familiar with this issue: https://github.com/grails-plugins/grails-spring-security-core/issues/177

As a workaround, I would recommend the steps below.

In your UrlMappings.groovy, make this modification:

"500"(controller: "error", action: "denied")

In your Config.groovy file, override the errorPage property:

grails.plugin.springsecurity.adh.errorPage = null

And add an action to your controller:

def denied() {
    render(view: '/login/denied')
}

This works for me.

Licensed under: CC-BY-SA with attribution