must currently be either interceptUrlMap or annotation
so by choosing interceptUrlMap, you have to specify everything like so in Config.groovy:
grails.plugins.springsecurity.securityConfigType="interceptUrlMap" grails.plgins.springsecurity.interceptUrlMap = [ '/console/**:['ROLE_ADMIN'], '/' :['IS_AUTHENTICATED_ANONYMOUSLY'], '/app/**':['ROLE_USER'], '/somethingElse/**':['ROLE_USER'] ]
I don't want this, I want to annotate my own controllers myself, and lock other stuff like resources and the console plugin - in Config.groovy.
It makes more sense for me to maintain my security setup in my controllers instead of centralizing it inside Config.groovy. (where I'll probably forget them)
Here is the trick.
Switch (from interceptUrlMap) to staticRules and use Annotation.
grails.plugins.springsecurity.securityConfigType = "Annotation" grails.plugins.springsecurity.controllerAnnotations.staticRules = [ '/console//**': ['ROLE_ADMIN'], ]
Now spash those @Secured(['ROLE_TRAFFICINFO']) on your controllers classes and/or methods
Yay! The best of both worlds!