Grails - Spring Security Core: secure custom URL
I am using Grails 2.3.9, spring-security-core:2.0-RC3, and staticRules for security.

I have the following security configuration in the Config file:

    grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.mkb.user'
    grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.mkb.userrole'
    grails.plugin.springsecurity.authority.className = 'com.mkb.role'
    grails.plugin.springsecurity.useSwitchUserFilter = true
    grails.plugin.springsecurity.logout.postOnly = false
    grails.plugin.springsecurity.adh.errorPage = null
    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/':               ['permitAll'],
        '/index':          ['permitAll'],
        '/index.gsp':      ['permitAll'],
        '/**/js/**':       ['permitAll'],
        '/**/css/**':      ['permitAll'],
        '/**/images/**':   ['permitAll'],
        '/**/favicon.ico': ['permitAll'],
        '/controllerc/**': ['ROLE_USER'],
        '/**':             ['permitAll']
    ]

These security configurations work fine.

Now I have the following URL mappings:

    "/test/controllera/$action?/$id?(.${format})?"(controller: 'controllera')
    "/test/controllerb/$action?/$id?(.${format})?"(controller: 'controllerb')

and I am required to set security for the URLs that have /test/, i.e., the URLs mydomain.com/test/controllera/** and mydomain.com/test/controllerb/** should be accessible to users who have the ROLE_ABC role.

I have tried:

    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/':               ['permitAll'],
        '/index':          ['permitAll'],
        '/index.gsp':      ['permitAll'],
        '/**/js/**':       ['permitAll'],
        '/**/css/**':      ['permitAll'],
        '/**/images/**':   ['permitAll'],
        '/**/favicon.ico': ['permitAll'],
        '/test/**':        ['ROLE_ABC'],
        '/**':             ['permitAll']
    ]

but it did not work; the user can access the controllers.

How do I define the security?

Note: I cannot use @Secured annotations. I need the security rules in the config only.

You have to explicitly specify the controllers in the static rules, as below:

    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        ...
        '/controllera/**': ['ROLE_ABC'],
        '/controllerb/**': ['ROLE_ABC'],
        ....
    ]

I think that is how you have it for controllerc:

    '/controllerc/**': ['ROLE_USER'],

Refer to this answer for details. The doc suggests this is applicable for controllers in plugins, where @Secured cannot be used if the source code is unreachable.
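
As an added illustration (not code from the question, the answer, or the plugin), here is a simplified Groovy model of why the '/test/**' rule never applies while '/controllera/**' does. It assumes, following the plugin documentation's note on UrlMappings, that static rules are compared with the controller-based URI rather than the mapped URL; the closure names, the first-match ordering and the pattern matcher are hypothetical simplifications.

```groovy
import java.util.regex.Pattern

// Simplified model (an assumption, not the plugin's source): the request URL
// is first resolved through UrlMappings to '/<controller>/<action>', and only
// that controller-based URI is compared with the staticRules patterns.

// URL prefixes taken from the question's UrlMappings -> controller name
def urlMappings = ['/test/controllera': 'controllera',
                   '/test/controllerb': 'controllerb']

// Minimal Ant-style matcher: '**' spans any depth, '*' stays in one segment
def antToRegex = { String pattern ->
    pattern.split(/\*\*/, -1).collect { part ->
        part.split(/\*/, -1).collect { Pattern.quote(it) }.join('[^/]*')
    }.join('.*')
}

// Resolve a request URL to the URI that the rules are checked against
def toControllerUri = { String requestUrl ->
    def hit = urlMappings.find { prefix, ctrl ->
        requestUrl == prefix || requestUrl.startsWith(prefix + '/')
    }
    if (!hit) return requestUrl                      // not URL-mapped
    def segments = requestUrl.substring(hit.key.length()).tokenize('/')
    def action = segments ? segments[0] : 'index'    // default action
    "/${hit.value}/${action}".toString()
}

// First matching rule in listed order (simplification: specific rules first)
def ruleFor = { Map rules, String requestUrl ->
    def uri = toControllerUri(requestUrl)
    rules.find { pattern, attrs -> uri ==~ antToRegex(pattern) }?.value
}

// Constructed rule sets: the question's attempt and the answer's correction
def attempted = ['/test/**': ['ROLE_ABC'], '/**': ['permitAll']]
def corrected = ['/controllera/**': ['ROLE_ABC'],
                 '/controllerb/**': ['ROLE_ABC'],
                 '/**':             ['permitAll']]

// '/test/**' is never compared with '/test/...': the URI is '/controllera/list'
assert ruleFor(attempted, '/test/controllera/list') == ['permitAll']
assert ruleFor(corrected, '/test/controllera/list') == ['ROLE_ABC']
assert ruleFor(corrected, '/test/controllerb/show/1') == ['ROLE_ABC']
assert ruleFor(corrected, '/index') == ['permitAll']
```

With the attempted rules the request falls through to the catch-all '/**' entry, which is why every user could still reach the controllers.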