// Default settings for the Spring Security integration, grouped by the filter or
// service each group configures. Several values below are fixed, publicly visible
// defaults (keys and passwords); the review notes mark the ones a deployment should
// override before enabling the corresponding feature.
security {

    /** enable Spring Security or not */
    // NOTE(review): the default is off; presumably nothing below takes effect until
    // the application sets active = true - confirm in the consuming code.
    active = false

    /** login user class fields (default user class = Person)*/
    loginUserDomainClass = 'Person'
    userName = 'username'
    password = 'passwd'
    enabled = 'enabled'
    relationalAuthorities = 'authorities'
    // you can specify a method to retrieve the roles (you need to set relationalAuthorities=null)
    getAuthoritiesMethod = null // 'getMoreAuthorities'

    /**
     * Authority domain class authority field name
     * authorityFieldInList
     */
    authorityDomainClass = 'Authority'
    authorityField = 'authority'

    /** authenticationProcessingFilter */
    authenticationFailureUrl = '/login/authfail?login_error=1'
    ajaxAuthenticationFailureUrl = '/login/authfail?ajax=true'
    defaultTargetUrl = '/'
    alwaysUseDefaultTargetUrl = false
    filterProcessesUrl = '/j_spring_security_check'

    /** anonymousProcessingFilter */
    // NOTE(review): 'foo' is a fixed default shared by every installation;
    // presumably it identifies tokens issued by the anonymous filter - override it
    // per deployment.
    key = 'foo'
    userAttribute = 'anonymousUser,ROLE_ANONYMOUS'

    /** authenticationEntryPoint */
    loginFormUrl = '/login/auth'
    // NOTE(review): this is the string 'false', not the boolean false. A non-empty
    // string is truthy in Groovy, so the effective value depends on how the consumer
    // coerces it - confirm. If it does resolve to false, the login form is presumably
    // not forced onto HTTPS and credentials can be submitted over plain HTTP.
    forceHttps = 'false'
    ajaxLoginFormUrl = '/login/authAjax'

    /** logoutFilter */
    afterLogoutUrl = '/'

    /** accessDeniedHandler
     * set errorPage to null, if you want to get error code 403 (FORBIDDEN).
     */
    errorPage = '/login/denied'
    ajaxErrorPage = '/login/deniedAjax'
    ajaxHeader = 'X-Requested-With'

    /** passwordEncoder */
    //The digest algorithm to use.
    //Supports the named Message Digest Algorithms in the Java environment.
    //http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#AppA
    // NOTE(review): 'SHA' is the JCA name for SHA-1, and this block configures no
    // salt or iteration count. A single fast digest makes leaked password hashes
    // cheap to brute-force; prefer a salted, adaptive password hash if the encoder
    // in use supports one - confirm what the consumer accepts here.
    algorithm = 'SHA' // Ex. MD5 SHA
    //use Base64 text ( true or false )
    encodeHashAsBase64 = false

    /** rememberMeServices */
    cookieName = 'grails_remember_me'
    alwaysRemember = false
    tokenValiditySeconds = 1209600 //14 days
    parameter = '_spring_security_remember_me'
    // NOTE(review): fixed, publicly known default. If this key is what protects the
    // remember-me cookie (presumably - confirm), a deployment that keeps it relies
    // on a value anyone can read; set a unique random key per installation.
    rememberMeKey = 'grailsRocks'

    /** LoggerListener
     * ( add 'log4j.logger.org.springframework.security=info,stdout'
     * to log4j.*.properties to see logs )
     */
    // NOTE(review): off by default, so authentication events are presumably not
    // logged unless this is enabled - confirm, and enable where an audit trail of
    // logins and failures is needed.
    useLogger = false

    /** use RequestMap from DomainClass */
    useRequestMapDomainClass = true

    /** Requestmap domain class (if useRequestMapDomainClass = true) */
    requestMapClass = 'Requestmap'
    requestMapPathField = 'url'
    requestMapConfigAttributeField = 'configAttribute'

    /** use annotations from Controllers to define security rules */
    useControllerAnnotations = false
    controllerAnnotationsMatcher = 'ant' // or 'regex'
    controllerAnnotationsMatchesLowercase = true
    controllerAnnotationStaticRules = [:]
    // NOTE(review): judging by the name, false means a URL with no matching rule is
    // allowed through (default-allow) - confirm; true would be the fail-closed choice.
    controllerAnnotationsRejectIfNoRule = false

    /**
     * if useRequestMapDomainClass is false, set request map pattern in string
     * see example below
     */
    // NOTE(review): the example maps /admin/** to ROLE_USER and ends with a
    // catch-all that admits anonymous requests to every other path. Treat it as a
    // syntax sample only; presumably rules are evaluated top-down with the first
    // match winning - confirm before relying on the ordering.
    // The string body is kept at column 0 because its whitespace is runtime text.
    requestMapString = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT

/login/**=IS_AUTHENTICATED_ANONYMOUSLY
/admin/**=ROLE_USER
/book/test/**=IS_AUTHENTICATED_FULLY
/book/**=ROLE_SUPERVISOR
/**=IS_AUTHENTICATED_ANONYMOUSLY
"""

    // basic auth
    realmName = 'Grails Realm'

    /** use basicProcessingFilter */
    basicProcessingFilter = false
    /** use switchUserProcessingFilter */
    // NOTE(review): switch-user lets one account act as another; if enabled, the
    // switch URL below should be reachable only by an administrative role - the
    // rule that enforces this is not part of this block.
    switchUserProcessingFilter = false
    swswitchUserUrl = '/j_spring_security_switch_user'
    swexitUserUrl = '/j_spring_security_exit_user'
    swtargetUrl = '/'

    /** send email notification during registration */
    useMail = false
    mailHost = 'localhost'
    mailUsername = 'user@localhost'
    // NOTE(review): placeholder credential committed with the defaults; supply the
    // real value from configuration kept outside version control.
    mailPassword = 'sungod'
    // NOTE(review): 'smtp' on port 25 is presumably an unencrypted session - confirm
    // whether the mail sender negotiates TLS before pointing this at a remote host.
    mailProtocol = 'smtp'
    mailFrom = 'user@localhost'
    mailPort = 25

    /** default user's role for user registration */
    defaultRole = 'ROLE_USER'

    // OpenId
    useOpenId = false
    openIdNonceMaxSeconds = 300 // max time between auth start and end

    // LDAP/ActiveDirectory
    useLdap = false
    ldapRetrieveGroupRoles = true
    ldapRetrieveDatabaseRoles = false
    ldapSearchSubtree = true
    ldapGroupRoleAttribute = 'cn'
    ldapPasswordAttributeName = 'userPassword'
    // NOTE(review): the ldap:// scheme is unencrypted; against a remote directory
    // the manager bind and user credentials would cross the network in clear text.
    // Prefer ldaps:// (or StartTLS, if the consumer supports it) outside localhost.
    ldapServer = 'ldap://localhost:389' // 'ldap://ad.example.com', 'ldap://monkeymachine:389/dc=acegisecurity,dc=org'
    ldapManagerDn = 'cn=admin,dc=example,dc=com'
    // NOTE(review): placeholder bind password; override from configuration kept
    // outside version control, and bind with an account limited to the searches
    // below rather than a directory administrator.
    ldapManagerPassword = 'secret'
    ldapSearchBase = 'dc=example,dc=com' // 'ou=users,dc=example,dc=com'
    // NOTE(review): {0} is presumably replaced with the submitted login name -
    // confirm that the LDAP layer escapes filter metacharacters before substitution.
    ldapSearchFilter = '(uid={0})' //, '(mailNickname={0})'
    ldapGroupSearchBase = 'ou=groups,dc=example,dc=com'
    ldapGroupSearchFilter = 'uniquemember={0}'
    ldapUsePassword = true

    // Kerberos
    useKerberos = false
    kerberosLoginConfigFile = 'WEB-INF/jaas.conf'
    kerberosRealm = 'KERBEROS.REALM'
    kerberosKdc = 'krbserver.domain.lan'
    kerberosRetrieveDatabaseRoles = true

    // HttpSessionEventPublisher
    useHttpSessionEventPublisher = false

    // user caching
    // NOTE(review): with caching on, a role change or account disablement may not
    // take effect until the cached entry is evicted - confirm the eviction policy.
    cacheUsers = true

    // CAS
    useCAS = false
    cas.casServer = 'localhost'
    // The port is a string here, while httpPort/httpsPort further down are integers.
    cas.casServerPort = '443'
    cas.casServerSecure = true
    cas.localhostSecure = true
    cas.failureURL = '/denied.jsp'
    cas.defaultTargetURL = '/'
    cas.fullLoginURL = 'https://localhost:443/cas/login'
    cas.fullServiceURL = 'https://localhost:443/cas'
    // NOTE(review): as the value itself says, this default must be replaced with a
    // deployment-specific key before CAS is enabled.
    cas.authenticationProviderKey = 'cas_key_changeme'
    cas.userDetailsService = 'userDetailsService'
    cas.sendRenew = false
    cas.proxyReceptorUrl = '/secure/receptor'
    cas.filterProcessesUrl = '/j_spring_cas_security_check'

    // NTLM
    useNtlm = false
    ntlm.stripDomain = true
    ntlm.retryOnAuthFailure = true
    ntlm.forceIdentification = false
    ntlm.defaultDomain = null // set in SecurityConfig.groovy
    ntlm.netbiosWINS = null // set in SecurityConfig.groovy

    // port mappings
    httpPort = 8080
    httpsPort = 8443

    // secure channel filter (http/https)
    // NOTE(review): both lists are empty, so presumably no URL is required to use
    // HTTPS by default - list the login and other sensitive paths under 'secure'.
    secureChannelDefinitionSource = ''
    channelConfig = [secure: [], insecure: []]

    // ip restriction filter
    // Empty map: no IP restrictions are defined by default.
    ipRestrictions = [:]

    // Facebook Connect
    useFacebook = false
    facebook.filterProcessesUrl = '/j_spring_facebook_security_check'
    // NOTE(review): this root URL uses plain http://, so the redirect to the login
    // page is not protected in transit; use https:// if the endpoint supports it.
    facebook.authenticationUrlRoot = 'http://www.facebook.com/login.php?v=1.0&api_key='
    facebook.apiKey = '' // set in SecurityConfig
    // Keep the secret out of version control when setting it in SecurityConfig.
    facebook.secretKey = '' // set in SecurityConfig
}