This week's book giveaway is in the OCAJP forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide 1Z0-808 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
I'm trying to integrate SpringSecurity plugin into out Grails application.
The admin should be able to access all aspects of ContractController, so I tried:
Every thing works fine (I got the login form and I'm able to access all ContractController functionality).
The client should only be able to show a contract, so I tried:
But upon trying to login as a a client, I didn't got the login form and I'm able to access all aspects of ContractController.
Am I missing something in SpringSecurity?
Should I guard all the controllers this way:
And then restrict access in the controllers via annotations?
Up to this point I've used only the annotations. I haven't needed to dynamically modify access control which is what the RequestMap method allows you to do. So I can't really answer your question except to say that by solely using Annotations, you'll be able to achieve what you want.