source: branches/features/taskProcedureRework/grails-app/conf/SecurityConfig.groovy @ 787

Last change on this file since 787 was 532, checked in by gav, 15 years ago

Install jasper plugin.
Add BuildConfig.groovy.
Svn delete mysql-connector jar since it is now a dependancy in BuildConfig and download from maven central, version also updated to 5.1.9.

File size: 3.6 KB
Line 
1security {
2
3    def authenticateService
4
5        // See DefaultSecurityConfig.groovy for all settable/overridable properties
6
7        active = true
8
9        loginUserDomainClass = "Person"
10    userName = 'loginName'
11    password = 'password'
12    enabled = 'isActive'
13
14        authorityDomainClass = "Authority"
15
16    // Required if we want to run "grails generate-manager"
17    // Which recreates the controller and views, so save the views!
18//     requestMapClass = 'Requestmap'
19
20    // The whole application relies on controllerAnnotations and the static rules bellow.
21    useRequestMapDomainClass = false
22    useControllerAnnotations = true
23
24    // Set true especially if used across the internet.
25    forceHttps = 'false'
26
27    // Pessimistic locking, deny access to all URLs that don't
28    // have an applicable URL-Role configuration.
29    // This forces us to set an annotation, static rule or
30    // extend BaseController and prevents accidentally leaving pages open.
31    controllerAnnotationsRejectIfNoRule = true
32
33    // Static rules for controllers, actions and urls.
34    // Since we are using pessimistic locking we have to set some things
35    // here but most security should be set in the controllers.
36    controllerAnnotationStaticRules = [
37    '/': ['IS_AUTHENTICATED_FULLY'],
38    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
39    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
41    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
42    '/plugins/**': ['IS_AUTHENTICATED_FULLY'],
43    '/plugins/*/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
44    '/plugins/*/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
45    '/plugins/*/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
46    '/classDiagram*': ['IS_AUTHENTICATED_FULLY'],
47    '/classDiagram/**': ['IS_AUTHENTICATED_FULLY'],
48    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
49    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
50    '/logout*': ['IS_AUTHENTICATED_FULLY'],
51    '/logout/**': ['IS_AUTHENTICATED_FULLY'],
52    '/image*': ['IS_AUTHENTICATED_FULLY'],
53    '/image/**': ['IS_AUTHENTICATED_FULLY'],
54    '/reports*': ['IS_AUTHENTICATED_FULLY'],
55    '/reports/**': ['IS_AUTHENTICATED_FULLY'],
56    '/jasper*': ['IS_AUTHENTICATED_FULLY'],
57    '/jasper/**': ['IS_AUTHENTICATED_FULLY']
58    ]
59
60    // Always call the welcome action so that bookmarks are not used, a
61    // welcome message can be populated and the sessionTimeout can be set.
62    defaultTargetUrl = '/appCore/welcome'
63    alwaysUseDefaultTargetUrl = true
64
65    // User caching, turned this off so that password changes take effect.
66    // It would appear that user is still in the session as logout/login
67    // is still required for role changes to take effect.
68    // If this option causes high database load try:
69    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
70    //  import org.acegisecurity.context.SecurityContextHolder
71    //  DaoAuthenticationProvider daoAuthenticationProvider
72    //  def user = SecurityContextHolder.context.authentication.principal.username
73    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
74    //  in logout controller and perhaps on password change and role change.
75    cacheUsers = false
76
77//    // Listen for events and run the closure(s) that follow.
78//    // Unfortunately the session is not available yet so many things can't be done here, use a defaultTargetUrl and controller.
79//    useSecurityEventListener = true
80//
81//    onAuthenticationSuccessEvent = { e, appCtx ->
82//        def p = e.source.principal
83//        def personInstance = Person.findByLoginName(p.username)
84//        println p.username
85//        println personInstance.loginName
86//        println personInstance.firstName
87//    }
88
89}
Note: See TracBrowser for help on using the repository browser.