How to change Grails Spring Security Cookie Path

Question

I've got two grails applications using spring security:

• Core
• Module (user and role tables mapping to Core db tables)

I want to have a single sign on functionality using "remember me". The problem is that the cookies are stored in different paths "/Core" and "/Module" which I'm guessing is the reason why it isn't working.

Does anyone know how to change the cookie path to be "/"?

Notes:

• Do I need to make a change in Spring Security or the Tomcat server configuration (using intellij)
• I want to avoid setting up a CAS server if possible
• I'm looking into plugins as an alternative

Thanks any help would be greatly appreciated

Answer 1

When the remember-me filter creates the remember-me cookie, it sets the cookie path to the context path obtained from the request object (see related source code here). If you want to customize this behavior, you'll need to override the setCookie() and cancelCookie() methods of the remember-me service implementation your application uses (either TokenBasedRememberMeServices or PersistentTokenBasedRememberMeServices) in a subclass, and configure the RememberMeAuthenticationFilter to use your custom implementation.

Answer 2

Here's how I impltemented it. create a new service with extends TokenBasedRememberMeServices override setCookie and cancelCookie method to set cookie path. Add cookiePath variable and add method to setCookepath()

Update resources.groovy

rememberMeServices(YourTokenBasedRememberMeServices) { 
    userDetailsService = ref("userDetailsService")
    key = conf.rememberMe.key
    cookieName = conf.rememberMe.cookieName
    alwaysRemember = conf.rememberMe.alwaysRemember
    tokenValiditySeconds = conf.rememberMe.tokenValiditySeconds
    cookiePath = some config variable 
}