Grails Spring Security, both interceptUrlMap and Annotations please!
grails.plugins.springsecurity.securityConfigType
must currently be either interceptUrlMap or annotation
booooo!
so by choosing interceptUrlMap, you have to specify everything like so in Config.groovy:
grails.plugins.springsecurity.securityConfigType="interceptUrlMap"
grails.plgins.springsecurity.interceptUrlMap = [
'/console/**:['ROLE_ADMIN'],
'/' :['IS_AUTHENTICATED_ANONYMOUSLY'],
'/app/**':['ROLE_USER'],
'/somethingElse/**':['ROLE_USER']
]I don't want this, I want to annotate my own controllers myself, and lock other stuff like resources and the console plugin - in Config.groovy.
It makes more sense for me to maintain my security setup in my controllers instead of centralizing it inside Config.groovy. (where I'll probably forget them)
Here is the trick.
Switch (from interceptUrlMap) to staticRules and use Annotation.
grails.plugins.springsecurity.securityConfigType = "Annotation"
grails.plugins.springsecurity.controllerAnnotations.staticRules = [
'/console//**': ['ROLE_ADMIN'],
]Now spash those @Secured(['ROLE_TRAFFICINFO']) on your controllers classes and/or methods
Yay! The best of both worlds!
Written by Finn J Johnsen
Related protips
3 Responses
Looks like support for mixing different approaches is coming in version 2.0:
http://jira.grails.org/browse/GPSPRINGSECURITYCORE-184
Is "/console//**" a typo? Is the double-slash needed? i'm trying get this working, for the Grails Console plugin
Ok, removing the extra slash makes it work. Thanks for this. I was trying to get this working independently and it was encouraging to read your post.
Have a fresh tip? Share with Coderwall community!
