Last Updated: February 25, 2016
·
5.23K
· finnjohnsen

Grails Spring Security, both interceptUrlMap and Annotations please!

grails.plugins.springsecurity.securityConfigType

must currently be either interceptUrlMap or annotation

booooo!

so by choosing interceptUrlMap, you have to specify everything like so in Config.groovy:

grails.plugins.springsecurity.securityConfigType="interceptUrlMap"

grails.plgins.springsecurity.interceptUrlMap = [
'/console/**:['ROLE_ADMIN'],
'/' :['IS_AUTHENTICATED_ANONYMOUSLY'],
'/app/**':['ROLE_USER'],
'/somethingElse/**':['ROLE_USER']
]

I don't want this, I want to annotate my own controllers myself, and lock other stuff like resources and the console plugin - in Config.groovy.

It makes more sense for me to maintain my security setup in my controllers instead of centralizing it inside Config.groovy. (where I'll probably forget them)

Here is the trick.

Switch (from interceptUrlMap) to staticRules and use Annotation.

grails.plugins.springsecurity.securityConfigType = "Annotation"
grails.plugins.springsecurity.controllerAnnotations.staticRules = [
   '/console//**': ['ROLE_ADMIN'],
]

Now spash those @Secured(['ROLE_TRAFFICINFO']) on your controllers classes and/or methods

Yay! The best of both worlds!

3 Responses
Add your response

Looks like support for mixing different approaches is coming in version 2.0:
http://jira.grails.org/browse/GPSPRINGSECURITYCORE-184

over 1 year ago ·

Is "/console//**" a typo? Is the double-slash needed? i'm trying get this working, for the Grails Console plugin

over 1 year ago ·

Ok, removing the extra slash makes it work. Thanks for this. I was trying to get this working independently and it was encouraging to read your post.

over 1 year ago ·