| 1 | security { |
|---|
| 2 | |
|---|
| 3 | // see DefaultSecurityConfig.groovy for all settable/overridable properties |
|---|
| 4 | |
|---|
| 5 | active = true |
|---|
| 6 | |
|---|
| 7 | loginUserDomainClass = "Person" |
|---|
| 8 | userName = 'loginName' |
|---|
| 9 | password = 'password' |
|---|
| 10 | enabled = 'isActive' |
|---|
| 11 | |
|---|
| 12 | authorityDomainClass = "Authority" |
|---|
| 13 | |
|---|
| 14 | //Required if we want to run "grails generate-manager" |
|---|
| 15 | //Which recreates the controller and views, so save the views! |
|---|
| 16 | // requestMapClass = 'Requestmap' |
|---|
| 17 | |
|---|
| 18 | useRequestMapDomainClass = false |
|---|
| 19 | useControllerAnnotations = true |
|---|
| 20 | |
|---|
| 21 | //Set true especially if used across the internet. |
|---|
| 22 | forceHttps = 'false' |
|---|
| 23 | |
|---|
| 24 | //Pessimistic locking, deny access to all URLs that don't |
|---|
| 25 | //have an applicable URL-Role configuration. |
|---|
| 26 | //This forces us to set an annotation, static rule or |
|---|
| 27 | //extend BaseController and prevents accidentally leaving pages open. |
|---|
| 28 | controllerAnnotationsRejectIfNoRule = true |
|---|
| 29 | |
|---|
| 30 | //Static rules for controllers, actions and urls. |
|---|
| 31 | //Since we are using pessimistic locking we have to set some things |
|---|
| 32 | //here but most security should be set in the controllers. |
|---|
| 33 | controllerAnnotationStaticRules = [ |
|---|
| 34 | '/': ['IS_AUTHENTICATED_FULLY'], |
|---|
| 35 | '/index.gsp': ['IS_AUTHENTICATED_FULLY'], |
|---|
| 36 | '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
|---|
| 37 | '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
|---|
| 38 | '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
|---|
| 39 | '/plugins/help-balloons-1.2/**': ['IS_AUTHENTICATED_FULLY'], |
|---|
| 40 | '/plugins/richui-0.6/**': ['IS_AUTHENTICATED_FULLY'], |
|---|
| 41 | '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
|---|
| 42 | '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
|---|
| 43 | '/logout*': ['IS_AUTHENTICATED_FULLY'], |
|---|
| 44 | '/logout/**': ['IS_AUTHENTICATED_FULLY'] |
|---|
| 45 | ] |
|---|
| 46 | |
|---|
| 47 | //We always want to go to the home page so that bookmarks are not used. |
|---|
| 48 | defaultTargetUrl = '/appCore/home' |
|---|
| 49 | alwaysUseDefaultTargetUrl = true |
|---|
| 50 | |
|---|
| 51 | //User caching, turned this off so that password changes take effect. |
|---|
| 52 | //It would appear that user is still in the session as logout/login |
|---|
| 53 | // is still required for role changes to take effect. |
|---|
| 54 | //If this option causes high database load try: |
|---|
| 55 | // import org.acegisecurity.providers.dao.DaoAuthenticationProvider |
|---|
| 56 | // import org.acegisecurity.context.SecurityContextHolder |
|---|
| 57 | // DaoAuthenticationProvider daoAuthenticationProvider |
|---|
| 58 | // def user = SecurityContextHolder.context.authentication.principal.username |
|---|
| 59 | // daoAuthenticationProvider.userCache.removeUserFromCache(user) |
|---|
| 60 | // in logout controller and perhaps on password change and role change. |
|---|
| 61 | cacheUsers = false |
|---|
| 62 | |
|---|
| 63 | } |
|---|
