source: trunk/grails-app/conf/SecurityConfig.groovy @ 133

Last change on this file since 133 was 127, checked in by gav, 16 years ago

Logins now route through a welcome action to allow flash message and user environment setup. Session timeout now user configurable and defaults to 12 hours. Work on Planned Maintenance.

File size: 3.0 KB
Line 
1security {
2
3    def authenticateService
4
5        // see DefaultSecurityConfig.groovy for all settable/overridable properties
6
7        active = true
8
9        loginUserDomainClass = "Person"
10    userName = 'loginName'
11    password = 'password'
12    enabled = 'isActive'
13
14        authorityDomainClass = "Authority"
15
16    //Required if we want to run "grails generate-manager"
17    //Which recreates the controller and views, so save the views!
18//     requestMapClass = 'Requestmap'
19
20    useRequestMapDomainClass = false
21    useControllerAnnotations = true
22
23    //Set true especially if used across the internet.
24    forceHttps = 'false'
25
26    //Pessimistic locking, deny access to all URLs that don't
27    //have an applicable URL-Role configuration.
28    //This forces us to set an annotation, static rule or
29    //extend BaseController and prevents accidentally leaving pages open.
30    controllerAnnotationsRejectIfNoRule = true
31   
32    //Static rules for controllers, actions and urls.
33    //Since we are using pessimistic locking we have to set some things
34    //here but most security should be set in the controllers.
35    controllerAnnotationStaticRules = [
36    '/': ['IS_AUTHENTICATED_FULLY'],
37    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
38    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
39    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
41    '/plugins/help-balloons-1.2/**': ['IS_AUTHENTICATED_FULLY'],
42     '/plugins/richui-0.6/**': ['IS_AUTHENTICATED_FULLY'],
43    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
44    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
45    '/logout*': ['IS_AUTHENTICATED_FULLY'],
46    '/logout/**': ['IS_AUTHENTICATED_FULLY']
47    ]
48
49    //We always want to go to the home page so that bookmarks are not used.
50    defaultTargetUrl = '/appCore/welcome'
51    alwaysUseDefaultTargetUrl = true
52
53    //User caching, turned this off so that password changes take effect.
54    //It would appear that user is still in the session as logout/login
55    // is still required for role changes to take effect.
56    //If this option causes high database load try:
57    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
58    //  import org.acegisecurity.context.SecurityContextHolder
59    //  DaoAuthenticationProvider daoAuthenticationProvider
60    //  def user = SecurityContextHolder.context.authentication.principal.username
61    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
62    //  in logout controller and perhaps on password change and role change.
63    cacheUsers = false
64
65//    //List for and events and run the closure(s) that follow.
66//    //Unfortunately the session is not available yet so many things can't be done here, us an defaultTargetUrl and controller.
67//    useSecurityEventListener = true
68//
69//    onAuthenticationSuccessEvent = { e, appCtx ->
70//        def p = e.source.principal
71//        def personInstance = Person.findByLoginName(p.username)
72//        println p.username
73//        println personInstance.loginName
74//        println personInstance.firstName
75//    }
76
77}
Note: See TracBrowser for help on using the repository browser.