source: trunk/grails-app/conf/SecurityConfig.groovy @ 288

Last change on this file since 288 was 231, checked in by gav, 15 years ago

Security config adjustment to allow anonymous access to plugin css, js and images.

File size: 3.4 KB
RevLine 
[58]1security {
2
[127]3    def authenticateService
4
[147]5        // See DefaultSecurityConfig.groovy for all settable/overridable properties
[58]6
7        active = true
8
9        loginUserDomainClass = "Person"
10    userName = 'loginName'
11    password = 'password'
12    enabled = 'isActive'
13
14        authorityDomainClass = "Authority"
15
[147]16    // Required if we want to run "grails generate-manager"
17    // Which recreates the controller and views, so save the views!
[58]18//     requestMapClass = 'Requestmap'
19
[147]20    // The whole application relies on controllerAnnotations and the static rules bellow.
[58]21    useRequestMapDomainClass = false
22    useControllerAnnotations = true
[69]23
[147]24    // Set true especially if used across the internet.
[71]25    forceHttps = 'false'
[69]26
[147]27    // Pessimistic locking, deny access to all URLs that don't
28    // have an applicable URL-Role configuration.
29    // This forces us to set an annotation, static rule or
30    // extend BaseController and prevents accidentally leaving pages open.
[69]31    controllerAnnotationsRejectIfNoRule = true
[147]32
33    // Static rules for controllers, actions and urls.
34    // Since we are using pessimistic locking we have to set some things
35    // here but most security should be set in the controllers.
[69]36    controllerAnnotationStaticRules = [
37    '/': ['IS_AUTHENTICATED_FULLY'],
38    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
39    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[98]41    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[147]42    '/plugins/**': ['IS_AUTHENTICATED_FULLY'],
[231]43    '/plugins/*/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
44    '/plugins/*/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
45    '/plugins/*/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
[147]46    '/classDiagram*': ['IS_AUTHENTICATED_FULLY'],
47    '/classDiagram/**': ['IS_AUTHENTICATED_FULLY'],
[69]48    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
49    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
50    '/logout*': ['IS_AUTHENTICATED_FULLY'],
[182]51    '/logout/**': ['IS_AUTHENTICATED_FULLY'],
52    '/image*': ['IS_AUTHENTICATED_FULLY'],
53    '/image/**': ['IS_AUTHENTICATED_FULLY']
[69]54    ]
55
[147]56    // Always call the welcome action so that bookmarks are not used, a
57    // welcome message can be populated and the sessionTimeout can be set.
[127]58    defaultTargetUrl = '/appCore/welcome'
[69]59    alwaysUseDefaultTargetUrl = true
60
[147]61    // User caching, turned this off so that password changes take effect.
62    // It would appear that user is still in the session as logout/login
[73]63    // is still required for role changes to take effect.
[147]64    // If this option causes high database load try:
[73]65    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
66    //  import org.acegisecurity.context.SecurityContextHolder
67    //  DaoAuthenticationProvider daoAuthenticationProvider
68    //  def user = SecurityContextHolder.context.authentication.principal.username
69    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
70    //  in logout controller and perhaps on password change and role change.
71    cacheUsers = false
72
[147]73//    // Listen for events and run the closure(s) that follow.
74//    // Unfortunately the session is not available yet so many things can't be done here, use a defaultTargetUrl and controller.
[127]75//    useSecurityEventListener = true
76//
77//    onAuthenticationSuccessEvent = { e, appCtx ->
78//        def p = e.source.principal
79//        def personInstance = Person.findByLoginName(p.username)
80//        println p.username
81//        println personInstance.loginName
82//        println personInstance.firstName
83//    }
84
[58]85}
Note: See TracBrowser for help on using the repository browser.