Disable user authentication in grails spring-security-core plugin
I want to add some security to my little service written in Grails: IP restriction, forced HTTPS, and maybe more.
So I added the spring-security-core dependency
compile 'org.grails.plugins:spring-security-core:2.0-RC4'
for my build.gradle and something like this
grails.plugin.springsecurity.secureChannel.definition = ['/**': 'REQUIRES_SECURE_CHANNEL']
grails.plugin.springsecurity.ipRestrictions = ['/**': ['127.0.0.1', '%MY-OFFICE-IP-HERE%']]
for my Config.groovy.
The service is quite simple, it only has two controllers that return some data in JSON format. But the spring-security-core plugin adds user authentication by default: login page, logout interceptor, access denial handler, etc. I currently do not need this feature and want to disable it. How can i do this?
source to share
so what are you saying you just need an IP restriction but not a role to keep your controllers / methods secure or any real security for your application because this is in the DMZ ???
Then you don't want Spring-security, just implement something like this ... How do you get the client IP in a Grails controller?
detect IP in filter and reject if it does not match valid IP address in configuration
source to share