Grails Spring Static Security Rules

I want all users to be authenticated before accessing my application. Below is the Config.groovy parameter:

grails.plugin.springsecurity.controllerAnnotations.staticRules=[
    "/**": ["ROLE_ADMIN"],
    "/login/auth": ["permitAll"]
]

      

The reason I put "/login/auth": ["permitAll"] is so that any user is able to log in and authenticate. However, when I access http://localhost:8080/myapp/ it redirects to http://localhost:8080/myapp/login/auth and throws an error: The page is not redirecting correctly. Could you please let me know what mistake I have made here?

+3




3 answers


First, you must tell spring which display type you will be using.

grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'

      



For the second, 'permitAll' changed to 'IS_AUTHENTICATED_ANONYMOUSLY'.

As for the third, if Spring Security finds /**, it doesn't see any other in that line. Therefore your code should be like this:

grails.plugins.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
grails.plugins.springsecurity.interceptUrlMap = [
    "/login/auth": ["permitAll"],
    "/**": ["ROLE_ADMIN"]
]

      

+4


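As an added example (not from the answers or the plugin's code), here is a small Python check of a rule list under the first-match-wins evaluation the answer above describes. It reports whether an anonymous request to the login page is denied, which is what produces the redirect loop, and which rules are shadowed by an earlier pattern. The function names, the simplified Ant matcher and the probe paths are assumptions made for illustration.

```python
import re

# Tokens the page uses for "no login required".
ANONYMOUS_OK = {"permitAll", "IS_AUTHENTICATED_ANONYMOUSLY"}

def ant_to_regex(pattern):
    """Simplified Ant matcher: '/**' spans any depth, '*' stays inside one segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out.append("(?:/.*)?"); i += 3
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out))

def first_match(rules, path):
    """Return the first (pattern, tokens) whose pattern matches path, else None."""
    for pattern, tokens in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return pattern, tokens
    return None

def anonymous_allowed(rules, path):
    """Unmatched paths are treated as denied (a pessimistic assumption)."""
    hit = first_match(rules, path)
    return hit is not None and bool(ANONYMOUS_OK & set(hit[1]))

def login_redirect_loops(rules, login_url="/login/auth"):
    """An anonymous user denied the login page is redirected to it again, forever."""
    return not anonymous_allowed(rules, login_url)

def shadowed_rules(rules, probes):
    """Patterns that never win for any probe path because an earlier one matches first."""
    winners = {hit[0] for hit in (first_match(rules, p) for p in probes) if hit}
    return [pattern for pattern, _ in rules if pattern not in winners]

# The two orderings from the page, as ordered lists of (pattern, tokens).
CATCH_ALL_FIRST = [("/**", ["ROLE_ADMIN"]), ("/login/auth", ["permitAll"])]
LOGIN_FIRST = [("/login/auth", ["permitAll"]), ("/**", ["ROLE_ADMIN"])]
PROBES = ["/", "/login/auth", "/book/list"]  # constructed sample request paths

if __name__ == "__main__":
    for name, rules in (("catch-all first", CATCH_ALL_FIRST), ("login first", LOGIN_FIRST)):
        print(name, "loops:", login_redirect_loops(rules),
              "shadowed:", shadowed_rules(rules, PROBES))
```
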


TrongBang and Koloritnij are on the right track. But they are not entirely correct in the context of your question. They suggest moving on to a different authentication setup. (That will work, but it doesn't fix the problem in the context of your installation.)

If you want to preserve annotations, you will have to call a controller that uses OAuth.

'/springSecurityOAuth/**': ['permitAll']



The plugin renders this controller path, but static rules still interpret the controller and methods from that. It took me a while to figure this out. I had the same problem and wrote about it in a blog post (and it includes some details on how the Spring Security OAuth plugin works).

http://theexceptioncatcher.com/blog/2015/04/spring-security-oauth-the-missing-instructions/

+2




Koloritnij's solution is correct. However, using SecurityConfigType.InterceptUrlMap gives:

ERROR: the 'securityConfigType' property must be one of
'Annotation', 'Requestmap', or 'InterceptUrlMap' or left unspecified
to default to 'Annotation'; setting value to 'Annotation'

      

I only changed it to "InterceptUrlMap" and it worked:

grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugins.springsecurity.interceptUrlMap = [
    "/login/auth": ["permitAll"],
    "/**": ["ROLE_ADMIN"]
]

      

0

