source: trunk/grails-app/conf/SecurityConfig.groovy @ 958

Last change on this file since 958 was 913, checked in by gav, 14 years ago

Svn merge -r875:r911 branches/features/grailsUpgrade/ into trunk/.

File size: 3.5 KB
RevLine 
[58]1security {
2
[127]3    def authenticateService
4
[147]5        // See DefaultSecurityConfig.groovy for all settable/overridable properties
[58]6
7        active = true
8
9        loginUserDomainClass = "Person"
10    userName = 'loginName'
11    password = 'password'
12    enabled = 'isActive'
13
14        authorityDomainClass = "Authority"
15
[147]16    // Required if we want to run "grails generate-manager"
17    // Which recreates the controller and views, so save the views!
[58]18//     requestMapClass = 'Requestmap'
19
[147]20    // The whole application relies on controllerAnnotations and the static rules bellow.
[58]21    useRequestMapDomainClass = false
22    useControllerAnnotations = true
[69]23
[147]24    // Set true especially if used across the internet.
[71]25    forceHttps = 'false'
[69]26
[147]27    // Pessimistic locking, deny access to all URLs that don't
28    // have an applicable URL-Role configuration.
29    // This forces us to set an annotation, static rule or
30    // extend BaseController and prevents accidentally leaving pages open.
[69]31    controllerAnnotationsRejectIfNoRule = true
[147]32
33    // Static rules for controllers, actions and urls.
34    // Since we are using pessimistic locking we have to set some things
35    // here but most security should be set in the controllers.
[69]36    controllerAnnotationStaticRules = [
37    '/': ['IS_AUTHENTICATED_FULLY'],
38    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
39    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[98]41    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[147]42    '/plugins/**': ['IS_AUTHENTICATED_FULLY'],
[231]43    '/plugins/*/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
44    '/plugins/*/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
45    '/plugins/*/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[69]46    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
47    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
48    '/logout*': ['IS_AUTHENTICATED_FULLY'],
[182]49    '/logout/**': ['IS_AUTHENTICATED_FULLY'],
50    '/image*': ['IS_AUTHENTICATED_FULLY'],
[532]51    '/image/**': ['IS_AUTHENTICATED_FULLY'],
52    '/reports*': ['IS_AUTHENTICATED_FULLY'],
53    '/reports/**': ['IS_AUTHENTICATED_FULLY'],
54    '/jasper*': ['IS_AUTHENTICATED_FULLY'],
55    '/jasper/**': ['IS_AUTHENTICATED_FULLY']
[69]56    ]
57
[147]58    // Always call the welcome action so that bookmarks are not used, a
59    // welcome message can be populated and the sessionTimeout can be set.
[127]60    defaultTargetUrl = '/appCore/welcome'
[69]61    alwaysUseDefaultTargetUrl = true
62
[147]63    // User caching, turned this off so that password changes take effect.
64    // It would appear that user is still in the session as logout/login
[73]65    // is still required for role changes to take effect.
[147]66    // If this option causes high database load try:
[73]67    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
68    //  import org.acegisecurity.context.SecurityContextHolder
69    //  DaoAuthenticationProvider daoAuthenticationProvider
70    //  def user = SecurityContextHolder.context.authentication.principal.username
71    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
72    //  in logout controller and perhaps on password change and role change.
73    cacheUsers = false
74
[147]75//    // Listen for events and run the closure(s) that follow.
76//    // Unfortunately the session is not available yet so many things can't be done here, use a defaultTargetUrl and controller.
[127]77//    useSecurityEventListener = true
78//
79//    onAuthenticationSuccessEvent = { e, appCtx ->
80//        def p = e.source.principal
81//        def personInstance = Person.findByLoginName(p.username)
82//        println p.username
83//        println personInstance.loginName
84//        println personInstance.firstName
85//    }
86
[58]87}
Note: See TracBrowser for help on using the repository browser.