Reputation: 1524
What are my options for securing Spring Security UI?
I'm using the default securityConfigType which is set to use annotations.
What are my options for securing Spring Security UI controllers themselves?
Do I need to use s2ui-override on all of the controllers to secure them via subclassing?
Updating Spring Security UI plugin and add @Secured(['ROLE_ADMIN']) on controllers ?
Or is there some easier way?
Can I mix Spring security access control mechanisms (ex : mix annotations and static URL rules).
Upvotes: 3
Views: 446
Answers (1)
Reputation: 75671
Use grails.plugins.springsecurity.controllerAnnotations.staticRules instead of editing or overriding controllers just to add security. Typically that's used for static resources like javascript, but it's good for controllers that you can't (or shouldn't) edit.
You could also switch to one of the other two mechanisms (database requestmaps or the static Map in Config.groovy) but I prefer annotations since they keep the security information alongside the affected code.
Upvotes: 5
Related Questions
- Grails 3 - Security without plugins
- Spring security grails plugin
- Grails spring Security UI
- Spring Security UI and grails 2.0
- Instructions needed to integrate spring-security-ui into my grails application
- Spring Security UI 0.2
- Grails Security Plugin
- Securing Grails plugin controllers
- Extending Spring Security UI plugin (and plugins in general)
- Spring Security UI, recommendation on other complementary Forms / UI plugins