Disable user authentication in grails spring-security-core plugin

Question

Disable user authentication in grails spring-security-core plugin

I want to add some security to my little service written in Grails: IP restriction, forced HTTPS, and maybe more.

So I added the spring-security-core dependency

compile 'org.grails.plugins:spring-security-core:2.0-RC4'

for my build.gradle and something like this

grails.plugin.springsecurity.secureChannel.definition = ['/**': 'REQUIRES_SECURE_CHANNEL']
grails.plugin.springsecurity.ipRestrictions = ['/**': ['127.0.0.1', '%MY-OFFICE-IP-HERE%']]

for my Config.groovy.

The service is quite simple, it only has two controllers that return some data in JSON format. But the spring-security-core plugin adds user authentication by default: login page, logout interceptor, access denial handler, etc. I currently do not need this feature and want to disable it. How can i do this?

+3

spring-security grails

user24809 May 09 '15 at 10:31

source to share

2 answers

Shashank Agrawal · Answer 1 · 2015-05-09T14:10:12+0000

Just add this to your Config.groovy for development environment:

grails.plugin.springsecurity.active = false

Orubel · Answer 2 · 2015-05-10T02:31:05+0000

so what are you saying you just need an IP restriction but not a role to keep your controllers / methods secure or any real security for your application because this is in the DMZ ???

Then you don't want Spring-security, just implement something like this ... How do you get the client IP in a Grails controller?

detect IP in filter and reject if it does not match valid IP address in configuration

Disable user authentication in grails spring-security-core plugin

More articles: