Changeset 69 for branches/TaskRewrite/src/grails-app/conf/SecurityConfig.groovy

Timestamp:

Mar 9, 2009, 10:31:40 AM (16 years ago)

Author:

gav

Message:

Add TaskPriority? and TaskType? domains, generate views and controllers.
Tweak security extensively.
Use 'extend BaseController?' to pass ROLE_USER to most controllers.
Add parentTask and subTask to Task Domain.

File:

• branches/TaskRewrite/src/grails-app/conf/SecurityConfig.groovy (modified) (1 diff)

branches/TaskRewrite/src/grails-app/conf/SecurityConfig.groovy

@@ -13 +13 @@
 
     //Required if we want to run "grails generate-manager"
-    //Which recreates the controller and views, so save the views.
+    //Which recreates the controller and views, so save the views!
 //     requestMapClass = 'Requestmap'
 
     useRequestMapDomainClass = false
     useControllerAnnotations = true
+
+    //Set true especially if used across the internet.
+    forceHttps = 'true'
+
+    //Pessimistic locking, deny access to all URLs that don't 
+    //have an applicable URL-Role configuration.
+    //This forces us to set an annotation, static rule or
+    //extend BaseController and prevents accidentally leaving pages open.
+    controllerAnnotationsRejectIfNoRule = true
+    
+    //Static rules for controllers, actions and urls.
+    //Since we are using pessimistic locking we have to set some things
+    //here but most security should be set in the controllers.
+    controllerAnnotationStaticRules = [
+    '/': ['IS_AUTHENTICATED_FULLY'],
+    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
+    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
+    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
+    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
+    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
+    '/logout*': ['IS_AUTHENTICATED_FULLY'],
+    '/logout/**': ['IS_AUTHENTICATED_FULLY']
+    ]
+
+    //We always want to go to the home page so that bookmarks are not used.
+    defaultTargetUrl = '/appCore/home'
+    alwaysUseDefaultTargetUrl = true
+
 }