1 | security { |
---|
2 | |
---|
3 | // see DefaultSecurityConfig.groovy for all settable/overridable properties |
---|
4 | |
---|
5 | active = true |
---|
6 | |
---|
7 | loginUserDomainClass = "Person" |
---|
8 | userName = 'loginName' |
---|
9 | password = 'password' |
---|
10 | enabled = 'isActive' |
---|
11 | |
---|
12 | authorityDomainClass = "Authority" |
---|
13 | |
---|
14 | //Required if we want to run "grails generate-manager" |
---|
15 | //Which recreates the controller and views, so save the views! |
---|
16 | // requestMapClass = 'Requestmap' |
---|
17 | |
---|
18 | useRequestMapDomainClass = false |
---|
19 | useControllerAnnotations = true |
---|
20 | |
---|
21 | //Set true especially if used across the internet. |
---|
22 | forceHttps = 'false' |
---|
23 | |
---|
24 | //Pessimistic locking, deny access to all URLs that don't |
---|
25 | //have an applicable URL-Role configuration. |
---|
26 | //This forces us to set an annotation, static rule or |
---|
27 | //extend BaseController and prevents accidentally leaving pages open. |
---|
28 | controllerAnnotationsRejectIfNoRule = true |
---|
29 | |
---|
30 | //Static rules for controllers, actions and urls. |
---|
31 | //Since we are using pessimistic locking we have to set some things |
---|
32 | //here but most security should be set in the controllers. |
---|
33 | controllerAnnotationStaticRules = [ |
---|
34 | '/': ['IS_AUTHENTICATED_FULLY'], |
---|
35 | '/index.gsp': ['IS_AUTHENTICATED_FULLY'], |
---|
36 | '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
37 | '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
38 | '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
39 | '/plugins/help-balloons-1.2/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
40 | '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
41 | '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], |
---|
42 | '/logout*': ['IS_AUTHENTICATED_FULLY'], |
---|
43 | '/logout/**': ['IS_AUTHENTICATED_FULLY'] |
---|
44 | ] |
---|
45 | |
---|
46 | //We always want to go to the home page so that bookmarks are not used. |
---|
47 | defaultTargetUrl = '/appCore/home' |
---|
48 | alwaysUseDefaultTargetUrl = true |
---|
49 | |
---|
50 | //User caching, turned this off so that password changes take effect. |
---|
51 | //It would appear that user is still in the session as logout/login |
---|
52 | // is still required for role changes to take effect. |
---|
53 | //If this option causes high database load try: |
---|
54 | // import org.acegisecurity.providers.dao.DaoAuthenticationProvider |
---|
55 | // import org.acegisecurity.context.SecurityContextHolder |
---|
56 | // DaoAuthenticationProvider daoAuthenticationProvider |
---|
57 | // def user = SecurityContextHolder.context.authentication.principal.username |
---|
58 | // daoAuthenticationProvider.userCache.removeUserFromCache(user) |
---|
59 | // in logout controller and perhaps on password change and role change. |
---|
60 | cacheUsers = false |
---|
61 | |
---|
62 | } |
---|