/**
 * Default values for the `security` configuration block.
 *
 * Inline comments in this file name SecurityConfig.groovy as the place where
 * application-specific values are set, so these read as shipped defaults.
 * Several entries are secrets or keys with placeholder values that are visible
 * to anyone who can read this source ('foo', 'grailsRocks', 'sungod', 'secret',
 * 'cas_key_changeme'); each is flagged where it appears.
 */
security {

    /** enable Spring Security or not */
    // Off by default: none of the rules below protect anything until this is true.
    active = false

    /** login user class fields (default user class = Person)*/
    loginUserDomainClass = 'Person'
    userName = 'username'
    password = 'passwd'
    enabled = 'enabled'
    relationalAuthorities = 'authorities'
    // You can specify a method to retrieve the roles instead
    // (you need to set relationalAuthorities=null).
    getAuthoritiesMethod = null // 'getMoreAuthorities'

    /**
     * Authority domain class authority field name
     * authorityFieldInList
     */
    authorityDomainClass = 'Authority'
    authorityField = 'authority'

    /** authenticationProcessingFilter */
    authenticationFailureUrl = '/login/authfail?login_error=1'
    ajaxAuthenticationFailureUrl = '/login/authfail?ajax=true'
    defaultTargetUrl = '/'
    alwaysUseDefaultTargetUrl = false
    filterProcessesUrl = '/j_spring_security_check'

    /** anonymousProcessingFilter */
    // Placeholder key that is public in this source; set an application-specific
    // value in the overriding config.
    key = 'foo'
    userAttribute = 'anonymousUser,ROLE_ANONYMOUS'

    /** authenticationEntryPoint */
    loginFormUrl = '/login/auth'
    // NOTE(review): this is the String 'false', not the boolean false. A non-empty
    // String is truthy under Groovy truth, so the effective value depends on how the
    // consumer converts it; confirm. If it resolves to false, the login form (and
    // the submitted password) is not forced onto HTTPS.
    forceHttps = 'false'
    ajaxLoginFormUrl = '/login/authAjax'

    /** logoutFilter */
    afterLogoutUrl = '/'

    /** accessDeniedHandler
     * set errorPage to null, if you want to get error code 403 (FORBIDDEN).
     */
    errorPage = '/login/denied'
    ajaxErrorPage = '/login/deniedAjax'
    ajaxHeader = 'X-Requested-With'

    /** passwordEncoder */
    //The digest algorithm to use.
    //Supports the named Message Digest Algorithms in the Java environment.
    //http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA
    // 'SHA' is the JCA name for SHA-1. A single fast digest is a weak choice for
    // password storage, and no salt or iteration setting appears in this block;
    // prefer a salted, deliberately slow password hash if the consumer offers one.
    algorithm = 'SHA' // Ex. MD5 SHA
    //use Base64 text ( true or false )
    encodeHashAsBase64 = false

    /** rememberMeServices */
    cookieName = 'grails_remember_me'
    alwaysRemember = false
    // A captured remember-me cookie stays usable for this whole window.
    tokenValiditySeconds = 1209600 //14 days
    parameter = '_spring_security_remember_me'
    // Placeholder that is public in this source. Presumably mixed into the
    // remember-me token signature (confirm against the consumer); a known key
    // adds no secrecy, so set a per-deployment value kept out of version control.
    rememberMeKey = 'grailsRocks'

    /** LoggerListener
     * ( add 'log4j.logger.org.springframework.security=info,stdout'
     * to log4j.*.properties to see logs )
     */
    // Off by default, so authentication events are not logged by this listener
    // unless enabled.
    useLogger = false

    /** use RequestMap from DomainClass */
    useRequestMapDomainClass = true

    /** Requestmap domain class (if useRequestMapDomainClass = true) */
    requestMapClass = 'Requestmap'
    requestMapPathField = 'url'
    requestMapConfigAttributeField = 'configAttribute'

    /** use annotations from Controllers to define security rules */
    useControllerAnnotations = false
    controllerAnnotationsMatcher = 'ant' // or 'regex'
    controllerAnnotationsMatchesLowercase = true
    controllerAnnotationStaticRules = [:]
    // NOTE(review): by its name, false means a URL with no matching rule is not
    // rejected (default-allow); confirm before relying on annotations alone.
    controllerAnnotationsRejectIfNoRule = false

    /**
     * if useRequestMapDomainClass is false, set request map pattern in string
     * see example below
     *
     * As written, the example maps /admin/** to ROLE_USER, which is also the
     * defaultRole given to newly registered users further down, and its final
     * catch-all leaves every unmatched URL open to anonymous access. Treat it as
     * a syntax sample; a real map should restrict /admin/** to an administrative
     * role and end with a restrictive catch-all.
     */
    requestMapString = """
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT

        /login/**=IS_AUTHENTICATED_ANONYMOUSLY
        /admin/**=ROLE_USER
        /book/test/**=IS_AUTHENTICATED_FULLY
        /book/**=ROLE_SUPERVISOR
        /**=IS_AUTHENTICATED_ANONYMOUSLY
    """

    // basic auth
    realmName = 'Grails Realm'

    /** use basicProcessingFilter */
    basicProcessingFilter = false
    /** use switchUserProcessingFilter */
    // Switch-user lets one account act as another. If enabled, the switch URL
    // below needs an access rule limiting it to trusted administrative roles.
    switchUserProcessingFilter = false
    swswitchUserUrl = '/j_spring_security_switch_user'
    swexitUserUrl = '/j_spring_security_exit_user'
    swtargetUrl = '/'

    /**use email notification while registration*/
    useMail = false
    mailHost = 'localhost'
    mailUsername = 'user@localhost'
    // Placeholder credential committed in source; supply the real one from
    // configuration that is not checked in.
    mailPassword = 'sungod'
    // Plain SMTP on port 25: no transport encryption is configured here.
    mailProtocol = 'smtp'
    mailFrom = 'user@localhost'
    mailPort = 25

    /** default user's role for user registration */
    defaultRole = 'ROLE_USER'

    // OpenId
    useOpenId = false
    openIdNonceMaxSeconds = 300 // max time between auth start and end

    // LDAP/ActiveDirectory
    useLdap = false
    ldapRetrieveGroupRoles = true
    ldapRetrieveDatabaseRoles = false
    ldapSearchSubtree = true
    ldapGroupRoleAttribute = 'cn'
    ldapPasswordAttributeName = 'userPassword'
    // ldap:// is unencrypted: the manager bind and user credentials cross the
    // network in clear text unless the server is reached over ldaps:// or StartTLS.
    ldapServer = 'ldap://localhost:389' // 'ldap://ad.example.com', 'ldap://monkeymachine:389/dc=acegisecurity,dc=org'
    ldapManagerDn = 'cn=admin,dc=example,dc=com'
    // Placeholder bind password committed in source; override it outside version
    // control and bind with a least-privilege, read-only account.
    ldapManagerPassword = 'secret'
    ldapSearchBase = 'dc=example,dc=com' // 'ou=users,dc=example,dc=com'
    ldapSearchFilter = '(uid={0})' //, '(mailNickname={0})'
    ldapGroupSearchBase = 'ou=groups,dc=example,dc=com'
    ldapGroupSearchFilter = 'uniquemember={0}'
    ldapUsePassword = true

    // Kerberos
    useKerberos = false
    kerberosLoginConfigFile = 'WEB-INF/jaas.conf'
    kerberosRealm = 'KERBEROS.REALM'
    kerberosKdc = 'krbserver.domain.lan'
    kerberosRetrieveDatabaseRoles = true

    // HttpSessionEventPublisher
    useHttpSessionEventPublisher = false

    // user caching
    // NOTE(review): with caching on, a disabled account or a role change may
    // presumably not take effect until the cached entry is refreshed; confirm.
    cacheUsers = true

    // CAS
    useCAS = false
    cas.casServer = 'localhost'
    cas.casServerPort = '443'
    cas.casServerSecure = true
    cas.localhostSecure = true
    cas.failureURL = '/denied.jsp'
    cas.defaultTargetURL = '/'
    cas.fullLoginURL = 'https://localhost:443/cas/login'
    cas.fullServiceURL = 'https://localhost:443/cas'
    // Placeholder key, as its own value says; replace it before enabling CAS.
    cas.authenticationProviderKey = 'cas_key_changeme'
    cas.userDetailsService = 'userDetailsService'
    cas.sendRenew = false
    cas.proxyReceptorUrl = '/secure/receptor'
    cas.filterProcessesUrl = '/j_spring_cas_security_check'

    // NTLM
    useNtlm = false
    ntlm.stripDomain = true
    ntlm.retryOnAuthFailure = true
    ntlm.forceIdentification = false
    ntlm.defaultDomain = null // set in SecurityConfig.groovy
    ntlm.netbiosWINS = null // set in SecurityConfig.groovy

    // port mappings
    httpPort = 8080
    httpsPort = 8443

    // secure channel filter (http/https)
    // Both lists are empty, so no URL pattern is pinned to HTTPS by this block.
    secureChannelDefinitionSource = ''
    channelConfig = [secure: [], insecure: []]

    // ip restriction filter
    // Empty map: no IP-based restriction is configured by default.
    ipRestrictions = [:]

    // Facebook Connect
    useFacebook = false
    facebook.filterProcessesUrl = '/j_spring_facebook_security_check'
    // The login URL root uses http://, so the redirect into the login flow is
    // not protected in transit.
    facebook.authenticationUrlRoot = 'http://www.facebook.com/login.php?v=1.0&api_key='
    facebook.apiKey = '' // set in SecurityConfig
    // Keep the real secret key out of version control.
    facebook.secretKey = '' // set in SecurityConfig
}