Reputation: 158
Using grails spring security to secure URLs with http method
I'm using spring security 1.2.7.3, and I want to secure URLs with http method, in other words I want something like this in my config.groovy:
grails.plugins.springsecurity.interceptUrlMap = [
'/api/person/**': ['ROLE_ADMIN'], //IF HTTP "POST"
'/api/person/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], //IF HTTP "GET"
}
Is it possible? I know that there are of course other ways to achieve this but I prefer to solve the problem in this way.
p.s. this question has already been asked here before.
Upvotes: 4
Views: 431
Answers (1)
Reputation: 4809
I tested out the following and it seemed to work quite well:
grails.plugin.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.interceptUrlMap = [
'/myFirst/**': ["request.getMethod().equals('GET') || hasRole('ROLE_ADMIN')"],
'/mySecond/**': ["permitAll"]
]
I based the usage of request.getMethod() on the documentation found at the link below and took a little liberty in using an || expression.
http://grails-plugins.github.io/grails-spring-security-core/guide/requestMappings.html
In your example you supplied two entries for 'api/person/**', but that unfortunately won't work because each entry would have the same key for the interceptUrlMap. Combine what you want for options with || and &&.
Upvotes: 1
Related Questions
- Spring Security URL Mapping Grails
- Grails secure URL's using get form search
- How to configure grails/spring authentication scheme per url?
- Grails spring security core allow authentication from url
- Grails making URL free for all
- How to secure URLs using Spring security?
- Securing REST API in Grails and Spring Security
- Secured by url spring security
- Securing URL mapping with grails spring security core plugin
- Spring Security and Grails - customizing URLS