source: trunk/grails-app/conf/SecurityConfig.groovy @ 964

Last change on this file since 964 was 913, checked in by gav, 14 years ago

Svn merge -r875:r911 branches/features/grailsUpgrade/ into trunk/.

File size: 3.5 KB
Line 
1security {
2
3    def authenticateService
4
5        // See DefaultSecurityConfig.groovy for all settable/overridable properties
6
7        active = true
8
9        loginUserDomainClass = "Person"
10    userName = 'loginName'
11    password = 'password'
12    enabled = 'isActive'
13
14        authorityDomainClass = "Authority"
15
16    // Required if we want to run "grails generate-manager"
17    // Which recreates the controller and views, so save the views!
18//     requestMapClass = 'Requestmap'
19
20    // The whole application relies on controllerAnnotations and the static rules bellow.
21    useRequestMapDomainClass = false
22    useControllerAnnotations = true
23
24    // Set true especially if used across the internet.
25    forceHttps = 'false'
26
27    // Pessimistic locking, deny access to all URLs that don't
28    // have an applicable URL-Role configuration.
29    // This forces us to set an annotation, static rule or
30    // extend BaseController and prevents accidentally leaving pages open.
31    controllerAnnotationsRejectIfNoRule = true
32
33    // Static rules for controllers, actions and urls.
34    // Since we are using pessimistic locking we have to set some things
35    // here but most security should be set in the controllers.
36    controllerAnnotationStaticRules = [
37    '/': ['IS_AUTHENTICATED_FULLY'],
38    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
39    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
41    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
42    '/plugins/**': ['IS_AUTHENTICATED_FULLY'],
43    '/plugins/*/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
44    '/plugins/*/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
45    '/plugins/*/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
46    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
47    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
48    '/logout*': ['IS_AUTHENTICATED_FULLY'],
49    '/logout/**': ['IS_AUTHENTICATED_FULLY'],
50    '/image*': ['IS_AUTHENTICATED_FULLY'],
51    '/image/**': ['IS_AUTHENTICATED_FULLY'],
52    '/reports*': ['IS_AUTHENTICATED_FULLY'],
53    '/reports/**': ['IS_AUTHENTICATED_FULLY'],
54    '/jasper*': ['IS_AUTHENTICATED_FULLY'],
55    '/jasper/**': ['IS_AUTHENTICATED_FULLY']
56    ]
57
58    // Always call the welcome action so that bookmarks are not used, a
59    // welcome message can be populated and the sessionTimeout can be set.
60    defaultTargetUrl = '/appCore/welcome'
61    alwaysUseDefaultTargetUrl = true
62
63    // User caching, turned this off so that password changes take effect.
64    // It would appear that user is still in the session as logout/login
65    // is still required for role changes to take effect.
66    // If this option causes high database load try:
67    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
68    //  import org.acegisecurity.context.SecurityContextHolder
69    //  DaoAuthenticationProvider daoAuthenticationProvider
70    //  def user = SecurityContextHolder.context.authentication.principal.username
71    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
72    //  in logout controller and perhaps on password change and role change.
73    cacheUsers = false
74
75//    // Listen for events and run the closure(s) that follow.
76//    // Unfortunately the session is not available yet so many things can't be done here, use a defaultTargetUrl and controller.
77//    useSecurityEventListener = true
78//
79//    onAuthenticationSuccessEvent = { e, appCtx ->
80//        def p = e.source.principal
81//        def personInstance = Person.findByLoginName(p.username)
82//        println p.username
83//        println personInstance.loginName
84//        println personInstance.firstName
85//    }
86
87}
Note: See TracBrowser for help on using the repository browser.