source: trunk/grails-app/conf/SecurityConfig.groovy @ 139

Last change on this file since 139 was 139, checked in by gav, 15 years ago

Install Navigation plugin, work on navigation and hopefully fixed a few more IE vs Firefox CSS issues.
New skin for class-diagram plugin.
Adjust security config to suit.
Replace home.gsp with start.gsp, remove options.gsp and acknowledgements.gsp as they are now on start.gsp tabs.
Create search pages for Tasks, Assets and Inventory.
Change suggested login to manager.
Change all date formats to format="EEE, dd-MMM-yyyy".

// Acegi security plugin settings for this Grails application.
// Anything not set here falls back to DefaultSecurityConfig.groovy, which lists
// every settable/overridable property.
security {

    // Declared but never referenced inside this block.
    def authenticateService

    active = true

    // Login domain class and the properties that hold the user name, the
    // password and the enabled flag.
    loginUserDomainClass = 'Person'
    userName = 'loginName'
    password = 'password'
    enabled = 'isActive'

    authorityDomainClass = 'Authority'

    // Only needed to run "grails generate-manager", which recreates the
    // controller and views (save the existing views first!).
    // requestMapClass = 'Requestmap'

    // Access rules come from controller annotations plus the static rules
    // below, not from a Requestmap domain class.
    useRequestMapDomainClass = false
    useControllerAnnotations = true

    // Set true especially if used across the internet.
    // NOTE(review): the value is the string 'false', not the boolean false. A
    // non-empty string is truthy in Groovy, so whether HTTPS ends up forced
    // depends on how the plugin reads this property; confirm against
    // DefaultSecurityConfig.groovy.
    // NOTE(review): if HTTPS is not forced here, the login form and session
    // cookie are only protected when TLS is enforced somewhere else
    // (e.g. a front-end proxy); verify for any deployment off a trusted LAN.
    forceHttps = 'false'

    // Pessimistic locking: any URL without an applicable URL-Role rule is denied.
    // Every page therefore needs an annotation, a static rule or a controller
    // that extends BaseController, so a forgotten page is closed rather than open.
    controllerAnnotationsRejectIfNoRule = true

    // Static rules for controllers, actions and urls. Pessimistic locking makes
    // a few entries necessary here; most security belongs in the controllers.
    // NOTE(review): '/css/*' uses a single '*' while images and js use '**';
    // presumably nested paths under /css/ get no rule and are denied. Confirm
    // this is intended.
    // NOTE(review): '/login*' presumably also matches any other URL that merely
    // starts with "/login", making it anonymous; keep controller names clear
    // of that prefix.
    // NOTE(review): the plugin paths carry version numbers and need updating on
    // every plugin upgrade; a stale entry should leave the new path without a
    // rule, i.e. denied, not exposed.
    controllerAnnotationStaticRules = [
        '/':                             ['IS_AUTHENTICATED_FULLY'],
        '/index.gsp':                    ['IS_AUTHENTICATED_FULLY'],
        '/css/*':                        ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/images/**':                    ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/js/**':                        ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/plugins/help-balloons-1.2/**': ['IS_AUTHENTICATED_FULLY'],
        '/plugins/richui-0.6/**':        ['IS_AUTHENTICATED_FULLY'],
        '/plugins/navigation-1.1/**':    ['IS_AUTHENTICATED_FULLY'],
        '/plugins/class-diagram-0.3/**': ['IS_AUTHENTICATED_FULLY'],
        '/classDiagram*':                ['IS_AUTHENTICATED_FULLY'],
        '/classDiagram/**':              ['IS_AUTHENTICATED_FULLY'],
        '/login*':                       ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/login/**':                     ['IS_AUTHENTICATED_ANONYMOUSLY'],
        '/logout*':                      ['IS_AUTHENTICATED_FULLY'],
        '/logout/**':                    ['IS_AUTHENTICATED_FULLY']
    ]

    // Always land on the home page after login so that bookmarks are not used.
    defaultTargetUrl = '/appCore/welcome'
    alwaysUseDefaultTargetUrl = true

    // User caching is off so that password changes take effect.
    // The user still appears to live in the session: logout/login is still
    // required for role changes to take effect.
    // If this causes high database load, try the following in the logout
    // controller, and perhaps on password change and role change:
    //   import org.acegisecurity.providers.dao.DaoAuthenticationProvider
    //   import org.acegisecurity.context.SecurityContextHolder
    //   DaoAuthenticationProvider daoAuthenticationProvider
    //   def user = SecurityContextHolder.context.authentication.principal.username
    //   daoAuthenticationProvider.userCache.removeUserFromCache(user)
    cacheUsers = false

    // Disabled: listen for security events and run the closure(s) that follow.
    // The session is not available at that point, so many things cannot be
    // done here; use a defaultTargetUrl and a controller instead.
    // useSecurityEventListener = true
    //
    // onAuthenticationSuccessEvent = { e, appCtx ->
    //     def p = e.source.principal
    //     def personInstance = Person.findByLoginName(p.username)
    //     println p.username
    //     println personInstance.loginName
    //     println personInstance.firstName
    // }

}