Reputation: 742
My Grails is 2.2.1, Java 1.7, Spring-security-core 1.2.7.3, Spring-security-ui 0.2.
Similar to the issue in "Spring security @secure not working with role hierarchy", the security hierarchy is not being respected.
I have three user roles: ROLE_ADMIN, ROLE_USER, ROLE_USER_NOT_CONFIRMED.
Based on the Spring documentation (http://grails-plugins.github.io/grails-spring-security-core/guide/hierarchicalRoles.html),
I added the following code into the Config.groovy:
grails.plugin.springsecurity.roleHierarchy = '''
ROLE_ADMIN > ROLE_USER
'''
and, based on "Grails: SpringSecurity roleHierarchy not working as expected", I tried:
grails.plugin.springsecurity.roleHierarchy = '''
ROLE_ADMIN > ROLE_USER
ROLE_USER > ROLE_USER_NOT_CONFIRMED
'''
I'm not sure what the syntax is to add DefaultMethodSecurityExpressionHandler in Grails, or if it is required.
In a controller method I preface with @Secured(['ROLE_USER']), and when I'm logged in as ROLE_ADMIN it throws a permissions error.
Upvotes: 0
Views: 740
Reputation: 1036
I think this configuration is ok for the new release of the plugin (version 2.0). Could you try to modify your config with this code ('s' after plugin):
grails.plugins.springsecurity.roleHierarchy = '''
ROLE_ADMIN > ROLE_USER
ROLE_USER > ROLE_USER_NOT_CONFIRMED
'''
Hope that helps.
Upvotes: 1
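The effect of the prefix mismatch discussed in this thread, as an added Groovy example that is not from either poster or from the plugin. It assumes, following the answer, that the 1.2.x plugin reads `grails.plugins.springsecurity` while 2.0 reads `grails.plugin.springsecurity`; the helper names are hypothetical and the lookup is a simplified model of hierarchy resolution.

```groovy
// Added example (helper names hypothetical). Constructed Config.groovy fragment:
def configText = """
grails.plugin.springsecurity.roleHierarchy = '''
ROLE_ADMIN > ROLE_USER
ROLE_USER > ROLE_USER_NOT_CONFIRMED
'''
"""
ConfigObject config = new ConfigSlurper().parse(configText)

// Parse "A > B" lines into a map of role -> directly included roles.
Map parseHierarchy(String text) {
    Map edges = [:]
    text.readLines()*.trim().findAll { it }.each { String line ->
        List roles = line.split(/\s*>\s*/) as List
        roles.collate(2, 1, false).each { pair ->
            edges.get(pair[0], new LinkedHashSet()) << pair[1]
        }
    }
    edges
}

// Read the string stored under a dotted key. A key that was never set gives
// no string and raises no error, so the result is an empty hierarchy.
Map hierarchyFor(Map config, String dottedKey) {
    def value = dottedKey.split(/\./).inject(config) { n, k -> n instanceof Map ? n.get(k) : null }
    value instanceof CharSequence ? parseHierarchy(value.toString()) : [:]
}

// Every role reachable from the roles a user holds (transitive closure).
Set reachable(Map edges, Collection held) {
    Set seen = new LinkedHashSet(held)
    List todo = new ArrayList(held)
    while (todo) {
        def role = todo.pop()
        (edges[role] ?: []).each { if (seen.add(it)) todo << it }
    }
    seen
}

// @Secured(['ROLE_USER']) passes when any listed role is reachable.
boolean permits(Map edges, Collection held, Collection required) {
    reachable(edges, held).any { it in required }
}

def keyInAnswer   = 'grails.plugins.springsecurity.roleHierarchy'
def keyInQuestion = 'grails.plugin.springsecurity.roleHierarchy'
// Only the question's key is set, so a reader of the other prefix sees no hierarchy.
assert !permits(hierarchyFor(config, keyInAnswer), ['ROLE_ADMIN'], ['ROLE_USER'])
assert permits(hierarchyFor(config, keyInQuestion), ['ROLE_ADMIN'], ['ROLE_USER'])
assert reachable(hierarchyFor(config, keyInQuestion), ['ROLE_ADMIN']).size() == 3
```

Because an unread key fails closed and silently, logging the resolved hierarchy at startup is a quick way to confirm the setting was actually picked up.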