source: trunk/grails-app/conf/SecurityConfig.groovy @ 686

Last change on this file since 686 was 532, checked in by gav, 15 years ago

Install jasper plugin.
Add BuildConfig.groovy.
Svn delete mysql-connector jar since it is now a dependancy in BuildConfig and download from maven central, version also updated to 5.1.9.

File size: 3.6 KB
RevLine 
[58]1security {
2
[127]3    def authenticateService
4
[147]5        // See DefaultSecurityConfig.groovy for all settable/overridable properties
[58]6
7        active = true
8
9        loginUserDomainClass = "Person"
10    userName = 'loginName'
11    password = 'password'
12    enabled = 'isActive'
13
14        authorityDomainClass = "Authority"
15
[147]16    // Required if we want to run "grails generate-manager"
17    // Which recreates the controller and views, so save the views!
[58]18//     requestMapClass = 'Requestmap'
19
[147]20    // The whole application relies on controllerAnnotations and the static rules bellow.
[58]21    useRequestMapDomainClass = false
22    useControllerAnnotations = true
[69]23
[147]24    // Set true especially if used across the internet.
[71]25    forceHttps = 'false'
[69]26
[147]27    // Pessimistic locking, deny access to all URLs that don't
28    // have an applicable URL-Role configuration.
29    // This forces us to set an annotation, static rule or
30    // extend BaseController and prevents accidentally leaving pages open.
[69]31    controllerAnnotationsRejectIfNoRule = true
[147]32
33    // Static rules for controllers, actions and urls.
34    // Since we are using pessimistic locking we have to set some things
35    // here but most security should be set in the controllers.
[69]36    controllerAnnotationStaticRules = [
37    '/': ['IS_AUTHENTICATED_FULLY'],
38    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
39    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[98]41    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[147]42    '/plugins/**': ['IS_AUTHENTICATED_FULLY'],
[231]43    '/plugins/*/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
44    '/plugins/*/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
45    '/plugins/*/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[147]46    '/classDiagram*': ['IS_AUTHENTICATED_FULLY'],
47    '/classDiagram/**': ['IS_AUTHENTICATED_FULLY'],
[69]48    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
49    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
50    '/logout*': ['IS_AUTHENTICATED_FULLY'],
[182]51    '/logout/**': ['IS_AUTHENTICATED_FULLY'],
52    '/image*': ['IS_AUTHENTICATED_FULLY'],
[532]53    '/image/**': ['IS_AUTHENTICATED_FULLY'],
54    '/reports*': ['IS_AUTHENTICATED_FULLY'],
55    '/reports/**': ['IS_AUTHENTICATED_FULLY'],
56    '/jasper*': ['IS_AUTHENTICATED_FULLY'],
57    '/jasper/**': ['IS_AUTHENTICATED_FULLY']
[69]58    ]
59
[147]60    // Always call the welcome action so that bookmarks are not used, a
61    // welcome message can be populated and the sessionTimeout can be set.
[127]62    defaultTargetUrl = '/appCore/welcome'
[69]63    alwaysUseDefaultTargetUrl = true
64
[147]65    // User caching, turned this off so that password changes take effect.
66    // It would appear that user is still in the session as logout/login
[73]67    // is still required for role changes to take effect.
[147]68    // If this option causes high database load try:
[73]69    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
70    //  import org.acegisecurity.context.SecurityContextHolder
71    //  DaoAuthenticationProvider daoAuthenticationProvider
72    //  def user = SecurityContextHolder.context.authentication.principal.username
73    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
74    //  in logout controller and perhaps on password change and role change.
75    cacheUsers = false
76
[147]77//    // Listen for events and run the closure(s) that follow.
78//    // Unfortunately the session is not available yet so many things can't be done here, use a defaultTargetUrl and controller.
[127]79//    useSecurityEventListener = true
80//
81//    onAuthenticationSuccessEvent = { e, appCtx ->
82//        def p = e.source.principal
83//        def personInstance = Person.findByLoginName(p.username)
84//        println p.username
85//        println personInstance.loginName
86//        println personInstance.firstName
87//    }
88
[58]89}
Note: See TracBrowser for help on using the repository browser.