File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Groovy and the fly likes What I'm missing with SpringSecurity? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Languages » Groovy
Bookmark "What I Watch "What I New topic

What I'm missing with SpringSecurity?

Hussein Baghdadi
clojure forum advocate

Joined: Nov 08, 2003
Posts: 3476

I'm trying to integrate SpringSecurity plugin into out Grails application.
The admin should be able to access all aspects of ContractController, so I tried:
Every thing works fine (I got the login form and I'm able to access all ContractController functionality).
The client should only be able to show a contract, so I tried:
But upon trying to login as a a client, I didn't got the login form and I'm able to access all aspects of ContractController.
Am I missing something in SpringSecurity?
Should I guard all the controllers this way:
And then restrict access in the controllers via annotations?
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299

Up to this point I've used only the annotations. I haven't needed to dynamically modify access control which is what the RequestMap method allows you to do. So I can't really answer your question except to say that by solely using Annotations, you'll be able to achieve what you want.

GenRocket - Experts at Building Test Data
Mark Spritzler

Joined: Feb 05, 2001
Posts: 17249

Um, did you log out?


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Mark Spritzler

Joined: Feb 05, 2001
Posts: 17249

I also use the @Secured Annotation on my controller methods and class.

I actually have an opposite problem in my app where I have no security on some controller and methods, but it is blocking my user from accessing it, but I digress.

I think if you have a link on the page where the post action is j_security_logout or j_security_check_logout, the it will clear out the SecurityContext for you.

I agree. Here's the link:
subject: What I'm missing with SpringSecurity?
Similar Threads
SpringSecurity-config.xml doesn´t find http tag
HttpClient Frustration
About SpringSecurity plugin (again)
login.jsp customized by original target url
j_security_check without redirecting