What I'm missing with SpringSecurity?

Hussein Baghdadi
clojure forum advocate
Bartender

Joined: Nov 08, 2003
Posts: 3476

Hey,
I'm trying to integrate the SpringSecurity plugin into our Grails application.
The admin should be able to access all aspects of ContractController, so I tried:
/contract/**
ROLE_ADMIN
Everything works fine (I got the login form and I'm able to access all ContractController functionality).
The client should only be able to show a contract, so I tried:
/contract/show/**
ROLE_CLIENT
But upon trying to log in as a client, I didn't get the login form and I'm able to access all aspects of ContractController.
Am I missing something in SpringSecurity?
Should I guard all the controllers this way:
/controller/**
And then restrict access in the controllers via annotations?
Thanks.
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

Up to this point I've used only the annotations. I haven't needed to dynamically modify access control, which is what the RequestMap method allows you to do. So I can't really answer your question except to say that by solely using annotations, you'll be able to achieve what you want.


GenRocket - Experts at Building Test Data
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

Um, did you log out?

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

I also use the @Secured Annotation on my controller methods and class.

I actually have an opposite problem in my app where I have no security on some controllers and methods, but it is blocking my user from accessing them, but I digress.

I think if you have a link on the page where the post action is j_security_logout or j_security_check_logout, then it will clear out the SecurityContext for you.

Mark
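
The annotation-only approach described in the replies, applied to the controller and roles from the question. This is an added example, not code posted in the thread. Assumptions: the import path is the one shipped by spring-security-core 2.x and later (older plugin versions use a different package), an action-level annotation takes precedence over the class-level one, and the Contract domain class and the list and delete actions are hypothetical.

```groovy
// Added example, not from the thread.
// Assumption: spring-security-core plugin 2.x or later; older versions
// ship the Secured annotation in a different package.
import grails.plugin.springsecurity.annotation.Secured

// Class-level rule: every action requires ROLE_ADMIN unless the action
// carries its own annotation. New actions are admin-only by default.
@Secured(['ROLE_ADMIN'])
class ContractController {

    // State-changing action only accepts POST.
    static allowedMethods = [delete: 'POST']

    // Action-level rule (assumed to replace the class-level rule for this
    // action), so ROLE_ADMIN is listed again next to ROLE_CLIENT.
    // Holding either role grants access.
    @Secured(['ROLE_ADMIN', 'ROLE_CLIENT'])
    def show(Long id) {
        def contract = Contract.get(id)   // Contract: hypothetical domain class
        if (!contract) {
            response.sendError(404)
            return
        }
        [contract: contract]
    }

    // No annotation here: falls back to the class-level ROLE_ADMIN rule.
    def list() {
        [contracts: Contract.list(params)]
    }

    // Also admin-only through the class-level rule.
    def delete(Long id) {
        Contract.get(id)?.delete(flush: true)
        redirect(action: 'list')
    }
}
```

When checking the result, log out of the admin session first (or use a fresh browser session) so the client login is tested against an empty SecurityContext.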
 