source: trunk/src/grails-app/conf/SecurityConfig.groovy @ 99

Last change on this file since 99 was 98, checked in by gav, 16 years ago

Installed help-balloons plugin.
Adjust security config to allow javascript and help-balloons folders.
Add "Repeat password" to change password.
Detailed Entry views, including only allow user to edit their own entries.
Adjust Entry constraints.
Add comments to layouts/main.gsp.
Work on TaskDetailed? view to show entry durations and allow editing.
Entry duration formatting to CSS and increased base font size to 14px.

File size: 2.4 KB
Line 
1security {
2
3        // see DefaultSecurityConfig.groovy for all settable/overridable properties
4
5        active = true
6
7        loginUserDomainClass = "Person"
8    userName = 'loginName'
9    password = 'password'
10    enabled = 'isActive'
11
12        authorityDomainClass = "Authority"
13
14    //Required if we want to run "grails generate-manager"
15    //Which recreates the controller and views, so save the views!
16//     requestMapClass = 'Requestmap'
17
18    useRequestMapDomainClass = false
19    useControllerAnnotations = true
20
21    //Set true especially if used across the internet.
22    forceHttps = 'false'
23
24    //Pessimistic locking, deny access to all URLs that don't
25    //have an applicable URL-Role configuration.
26    //This forces us to set an annotation, static rule or
27    //extend BaseController and prevents accidentally leaving pages open.
28    controllerAnnotationsRejectIfNoRule = true
29   
30    //Static rules for controllers, actions and urls.
31    //Since we are using pessimistic locking we have to set some things
32    //here but most security should be set in the controllers.
33    controllerAnnotationStaticRules = [
34    '/': ['IS_AUTHENTICATED_FULLY'],
35    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
36    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
37    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
38    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
39    '/plugins/help-balloons-1.2/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
41    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
42    '/logout*': ['IS_AUTHENTICATED_FULLY'],
43    '/logout/**': ['IS_AUTHENTICATED_FULLY']
44    ]
45
46    //We always want to go to the home page so that bookmarks are not used.
47    defaultTargetUrl = '/appCore/home'
48    alwaysUseDefaultTargetUrl = true
49
50    //User caching, turned this off so that password changes take effect.
51    //It would appear that user is still in the session as logout/login
52    // is still required for role changes to take effect.
53    //If this option causes high database load try:
54    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
55    //  import org.acegisecurity.context.SecurityContextHolder
56    //  DaoAuthenticationProvider daoAuthenticationProvider
57    //  def user = SecurityContextHolder.context.authentication.principal.username
58    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
59    //  in logout controller and perhaps on password change and role change.
60    cacheUsers = false
61
62}
Note: See TracBrowser for help on using the repository browser.