I'm developing a plugin to provide some specific functionality. The plugin "has it all": the complete vertical slice (services, controllers, domain-classes, GSPs). On the plugin level no security is used.
Now I want to integrate the plugin into the main app, and apply some security rules like @Secured(['ROLE_SUPER']).
The way I'm doing it now is not too elegant:
    @Secured(['ROLE_SUPER'])
    class SomeController extends SomePluginController {}
This mass of such zero-value code grows along with the number of controllers.
What can be improved here?
TIA
UPDATE:
The grails.plugin.springsecurity.controllerAnnotations.staticRules map doesn't work.
I have a plugin AggregationPlugin with TaskController and index-action inside.
I tried to put it so:
    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        '/task/**': ['ROLE_SUPER'],
        '/aggregation/**': ['ROLE_SUPER'],
        '/plugins/aggregation-0.1/**': ['ROLE_SUPER'],
    ]
but I still can access the page anonymously.
I'm using Grails 1.3.7 and spring-security-core 1.2.7.2
UPDATE #2:
So, after some attempts I found the most elegant solution. Instead of staticRules, which doesn't work for some reason in my setup and which can become really big if you have many plugins to apply security to, I added a dependency to the plugin:
    compile( 'org.springframework.security:spring-security-core:3.0.7.RELEASE' )
so that I can use the @Secured in my controllers now without the whole security plugin. Upon installation into the main app they will be picked automatically by the security plugin.
You can put the configuration for the plugin controllers in Config.groovy:
    grails.plugins.springsecurity.controllerAnnotations.staticRules = [
        '/somePlugin/': ['ROLE_SUPER']
    ]
Check out the official docs, scroll down to section controllerAnnotations.staticRules.
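An added example, not code from either post: a main-app Config.groovy for the setup in the question (plugin TaskController, spring-security-core 1.2.x), combining a static rule for the plugin controller with a default-deny fallback so unlisted plugin controllers are not left open. It assumes the 1.x configuration prefix grails.plugins.springsecurity (the 2.x plugin renamed it to grails.plugin.springsecurity); the anonymous rules listed are illustrative and must match the app's real public URLs.

```groovy
// Config.groovy of the main application (added example, not the posters' code).
// Assumption: spring-security-core 1.x, where every key starts with
// grails.plugins.springsecurity. A key under a different prefix is still a
// valid Groovy config entry, so it is silently ignored rather than reported.

// Use @Secured annotations plus the static rules below as the rule source.
grails.plugins.springsecurity.securityConfigType = 'Annotation'

// Default deny: a URL that matches no annotation and no static rule is
// rejected instead of being served anonymously. This keeps the rule map
// short even when many plugins contribute controllers.
grails.plugins.springsecurity.rejectIfNoRule = true

grails.plugins.springsecurity.controllerAnnotations.staticRules = [
    // Rules match the request URL of the controller (/task/index), not the
    // plugin name or its /plugins/<name>-<version>/ static resource path.
    // The trailing /** covers every action under the controller.
    '/task/**':   ['ROLE_SUPER'],

    // With rejectIfNoRule enabled, anything meant to be public has to be
    // listed explicitly (illustrative entries, adjust to the application).
    '/':          ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**':  ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/js/**':     ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**':    ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY']
]
```

To check the result, request /task/index without a session and confirm the response is a redirect to the login page rather than the rendered view.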