How to disable /login/auth in Grails/Spring Security plugin

Question

I'm attempting to setup a system in Grails using the Spring Security Plugin that only allows authentication via a Pre-Authentication mechanism.

What I want to happen is that if the user attempts to go to any URL when not authenticated it should take them to an access denied page.

What I'm getting right now is that Grails is attempting to forward them to /login/auth (and then Firefox says that the redirect will never complete). But the thing is, since I'm only a Pre-Auth system, there is no login page.

Here is my Config.groovy:

grails.plugins.springsecurity.interceptUrlMap =
['/auth/*'      : 'IS_AUTHENTICATED_ANONYMOUSLY',       // so they can attempt to login
 '/**'          : 'IS_AUTHENTICATED_FULLY'
]

grails.plugins.springsecurity.providerNames =
['customerPreauthAuthProvider']

grails.plugins.springsecurity.filterChain.chainMap =
['/auth/customer' : 'customerSiteminderFilter',             // Customer login
 '/**'          : 'JOINED_FILTERS'  // Go thru regular filter chain for all others
]

Any idea's on how to get it to stop doing this? I've removed the index and auth methods from LoginController.groovy as well since they should not be needed.

Answer 1

Since you technically have no login page, then you could just change the following config option:

auth.loginFormUrl = '/login/auth'

to point to your access denied page.