Adding @With(Secure.class)
to a controller blocks all unauthenticated access. Is there a way to enabled it only for certain actions, or to except certain actions after it's enabled on a controller?
You can't do that with the secure module. As Niels said the secure module is more an example than a solution. You can build your own security system with the @Before annotation. Here is an example:
public class Admin extends Controller {
@Before(unless={"login", "authenticate", "logout", "otherMethod"})
void checkAccess() {
// check the cookie
}
public void login() {
render();
}
public void authenticate(String email, String password) {
// check the params and set a value in the cookie
}
public void logout() {
// delete cookie
}
I recommend you to read the source code of the secure module.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With