[58] | 1 | security { |
---|
| 2 | |
---|
[127] | 3 | def authenticateService |
---|
| 4 | |
---|
[147] | 5 | // See DefaultSecurityConfig.groovy for all settable/overridable properties |
---|
[58] | 6 | |
---|
| 7 | active = true |
---|
| 8 | |
---|
| 9 | loginUserDomainClass = "Person" |
---|
| 10 | userName = 'loginName' |
---|
| 11 | password = 'password' |
---|
| 12 | enabled = 'isActive' |
---|
| 13 | |
---|
| 14 | authorityDomainClass = "Authority" |
---|
| 15 | |
---|
[147] | 16 | // Required if we want to run "grails generate-manager" |
---|
| 17 | // Which recreates the controller and views, so save the views! |
---|
[58] | 18 | // requestMapClass = 'Requestmap' |
---|
| 19 | |
---|
[147] | 20 | // The whole application relies on controllerAnnotations and the static rules bellow. |
---|
[58] | 21 | useRequestMapDomainClass = false |
---|
| 22 | useControllerAnnotations = true |
---|
[69] | 23 | |
---|
[147] | 24 | // Set true especially if used across the internet. |
---|
[71] | 25 | forceHttps = 'false' |
---|
[69] | 26 | |
---|
[147] | 27 | // Pessimistic locking, deny access to all URLs that don't |
---|
| 28 | // have an applicable URL-Role configuration. |
---|
| 29 | // This forces us to set an annotation, static rule or |
---|
| 30 | // extend BaseController and prevents accidentally leaving pages open. |
---|
[69] | 31 | controllerAnnotationsRejectIfNoRule = true |
---|
[147] | 32 | |
---|
| 33 | // Static rules for controllers, actions and urls. |
---|
| 34 | // Since we are using pessimistic locking we have to set some things |
---|
| 35 | // here but most security should be set in the controllers. |
---|
[69] | 36 | controllerAnnotationStaticRules = [ |
---|
| 37 | '/': ['IS_AUTHENTICATED_FULLY'], |
---|
| 38 | '/index.gsp': ['IS_AUTHENTICATED_FULLY'], |
---|
| 39 | '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
| 40 | '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
[98] | 41 | '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
[147] | 42 | '/plugins/**': ['IS_AUTHENTICATED_FULLY'], |
---|
| 43 | '/classDiagram*': ['IS_AUTHENTICATED_FULLY'], |
---|
| 44 | '/classDiagram/**': ['IS_AUTHENTICATED_FULLY'], |
---|
[69] | 45 | '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
| 46 | '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
| 47 | '/logout*': ['IS_AUTHENTICATED_FULLY'], |
---|
[182] | 48 | '/logout/**': ['IS_AUTHENTICATED_FULLY'], |
---|
| 49 | '/image*': ['IS_AUTHENTICATED_FULLY'], |
---|
| 50 | '/image/**': ['IS_AUTHENTICATED_FULLY'] |
---|
[69] | 51 | ] |
---|
| 52 | |
---|
[147] | 53 | // Always call the welcome action so that bookmarks are not used, a |
---|
| 54 | // welcome message can be populated and the sessionTimeout can be set. |
---|
[127] | 55 | defaultTargetUrl = '/appCore/welcome' |
---|
[69] | 56 | alwaysUseDefaultTargetUrl = true |
---|
| 57 | |
---|
[147] | 58 | // User caching, turned this off so that password changes take effect. |
---|
| 59 | // It would appear that user is still in the session as logout/login |
---|
[73] | 60 | // is still required for role changes to take effect. |
---|
[147] | 61 | // If this option causes high database load try: |
---|
[73] | 62 | // import org.acegisecurity.providers.dao.DaoAuthenticationProvider |
---|
| 63 | // import org.acegisecurity.context.SecurityContextHolder |
---|
| 64 | // DaoAuthenticationProvider daoAuthenticationProvider |
---|
| 65 | // def user = SecurityContextHolder.context.authentication.principal.username |
---|
| 66 | // daoAuthenticationProvider.userCache.removeUserFromCache(user) |
---|
| 67 | // in logout controller and perhaps on password change and role change. |
---|
| 68 | cacheUsers = false |
---|
| 69 | |
---|
[147] | 70 | // // Listen for events and run the closure(s) that follow. |
---|
| 71 | // // Unfortunately the session is not available yet so many things can't be done here, use a defaultTargetUrl and controller. |
---|
[127] | 72 | // useSecurityEventListener = true |
---|
| 73 | // |
---|
| 74 | // onAuthenticationSuccessEvent = { e, appCtx -> |
---|
| 75 | // def p = e.source.principal |
---|
| 76 | // def personInstance = Person.findByLoginName(p.username) |
---|
| 77 | // println p.username |
---|
| 78 | // println personInstance.loginName |
---|
| 79 | // println personInstance.firstName |
---|
| 80 | // } |
---|
| 81 | |
---|
[58] | 82 | } |
---|