Grails Spring Static Security Rules
I want all users to be authenticated before accessing my application. Below is the Config.groovy parameter:
grails.plugin.springsecurity.controllerAnnotations.staticRules=[
"/**": ["ROLE_ADMIN"],
"/login/auth": ["permitAll"]
]
The reason I put "/ login / auth": ["allowAll"] is because any user can be able to log in and authenticate. However, when I access http: // localhost: 8080 / myapp / it redirects to http: // localhost: 8080 / myapp / login / auth and throws an error: The page is not redirecting correctly . Could you please let me know what mistake I have made here?
source to share
First, you must tell spring which display type you will be using.
grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'
For the second 'permitAll'
changed to 'IS_AUTHENTICATED_ANONYMOUSLY'
A for the third, if spring security find /**
, it didn't see another in that line. Therefore your code should be like this:
grails.plugins.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
grails.plugins.springsecurity.interceptUrlMap = [
"/login/auth": ["permitAll"],
"/**": ["ROLE_ADMIN"]
]
source to share
TrongBang and Koloritnij are on the right track. But they are not entirely correct in the context of your question. They suggest moving on to a different authentication setup. (That this will work, but it doesn't fix the problem in the context of your installation.)
If you want to preserve annotations, you will have to call a controller that uses OAuth.
'/ springSecurityOAuth / **: [' allowAll]
The plugin renders this controller path, but static rules still interpret the controller and methods from that. It took me a while to figure this out. I had the same problem and wrote about it in a blog post (and it includes some details on how the Spring Security Oauth plugin works.
http://theexceptioncatcher.com/blog/2015/04/spring-security-oauth-the-missing-instructions/
source to share
Koloritnij's solution is correct. However when using SecurityConfigType.InterceptUrlMap when using :
ERROR: the 'securityConfigType' property must be one of
'Annotation', 'Requestmap', or 'InterceptUrlMap' or left unspecified
to default to 'Annotation'; setting value to 'Annotation'
I only changed it to "InterceptUrlMap" and it worked:
grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugins.springsecurity.interceptUrlMap = [
"/login/auth": ["permitAll"],
"/**": ["ROLE_ADMIN"]
]
source to share