source: branches/TaskRewrite/src/grails-app/conf/SecurityConfig.groovy @ 73

Last change on this file since 73 was 73, checked in by gav, 11 years ago

Add changePassword under options view so that users can change their own password.
Adjust for password validation, userCache etc. Only a small bug during "edit" is left on second "update" command.

File size: 2.3 KB
Line 
1security {
2
3        // see DefaultSecurityConfig.groovy for all settable/overridable properties
4
5        active = true
6
7        loginUserDomainClass = "Person"
8    userName = 'loginName'
9    password = 'password'
10    enabled = 'isActive'
11
12        authorityDomainClass = "Authority"
13
14    //Required if we want to run "grails generate-manager"
15    //Which recreates the controller and views, so save the views!
16//     requestMapClass = 'Requestmap'
17
18    useRequestMapDomainClass = false
19    useControllerAnnotations = true
20
21    //Set true especially if used across the internet.
22    forceHttps = 'false'
23
24    //Pessimistic locking, deny access to all URLs that don't
25    //have an applicable URL-Role configuration.
26    //This forces us to set an annotation, static rule or
27    //extend BaseController and prevents accidentally leaving pages open.
28    controllerAnnotationsRejectIfNoRule = true
29   
30    //Static rules for controllers, actions and urls.
31    //Since we are using pessimistic locking we have to set some things
32    //here but most security should be set in the controllers.
33    controllerAnnotationStaticRules = [
34    '/': ['IS_AUTHENTICATED_FULLY'],
35    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
36    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
37    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
38    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
39    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/logout*': ['IS_AUTHENTICATED_FULLY'],
41    '/logout/**': ['IS_AUTHENTICATED_FULLY']
42    ]
43
44    //We always want to go to the home page so that bookmarks are not used.
45    defaultTargetUrl = '/appCore/home'
46    alwaysUseDefaultTargetUrl = true
47
48    //User caching, turned this off so that password changes take effect.
49    //It would appear that user is still in the session as logout/login
50    // is still required for role changes to take effect.
51    //If this option causes high database load try:
52    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
53    //  import org.acegisecurity.context.SecurityContextHolder
54    //  DaoAuthenticationProvider daoAuthenticationProvider
55    //  def user = SecurityContextHolder.context.authentication.principal.username
56    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
57    //  in logout controller and perhaps on password change and role change.
58    cacheUsers = false
59
60}
Note: See TracBrowser for help on using the repository browser.