source: trunk/grails-app/conf/SecurityConfig.groovy @ 142

Last change on this file since 142 was 140, checked in by gav, 15 years ago

Install filterPane plugin and configure for Tasks.
File size: 3.3 KB
Line 
1security {
2
3    def authenticateService
4
5        // see DefaultSecurityConfig.groovy for all settable/overridable properties
6
7        active = true
8
9        loginUserDomainClass = "Person"
10    userName = 'loginName'
11    password = 'password'
12    enabled = 'isActive'
13
14        authorityDomainClass = "Authority"
15
16    //Required if we want to run "grails generate-manager"
17    //Which recreates the controller and views, so save the views!
18//     requestMapClass = 'Requestmap'
19
20    useRequestMapDomainClass = false
21    useControllerAnnotations = true
22
23    //Set true especially if used across the internet.
24    forceHttps = 'false'
25
26    //Pessimistic locking, deny access to all URLs that don't
27    //have an applicable URL-Role configuration.
28    //This forces us to set an annotation, static rule or
29    //extend BaseController and prevents accidentally leaving pages open.
30    controllerAnnotationsRejectIfNoRule = true
31   
32    //Static rules for controllers, actions and urls.
33    //Since we are using pessimistic locking we have to set some things
34    //here but most security should be set in the controllers.
35    controllerAnnotationStaticRules = [
36    '/': ['IS_AUTHENTICATED_FULLY'],
37    '/index.gsp': ['IS_AUTHENTICATED_FULLY'],
38    '/css/*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
39    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
40    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
41    '/plugins/help-balloons-1.2/**': ['IS_AUTHENTICATED_FULLY'],
42    '/plugins/richui-0.6/**': ['IS_AUTHENTICATED_FULLY'],
43    '/plugins/navigation-1.1/**': ['IS_AUTHENTICATED_FULLY'],
44    '/plugins/filterpane-0.6.2/**': ['IS_AUTHENTICATED_FULLY'],
45    '/plugins/class-diagram-0.3/**': ['IS_AUTHENTICATED_FULLY'],
46    '/classDiagram*': ['IS_AUTHENTICATED_FULLY'],
47    '/classDiagram/**': ['IS_AUTHENTICATED_FULLY'],
48    '/login*': ['IS_AUTHENTICATED_ANONYMOUSLY'],
49    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
50    '/logout*': ['IS_AUTHENTICATED_FULLY'],
51    '/logout/**': ['IS_AUTHENTICATED_FULLY']
52    ]
53
54    //We always want to go to the home page so that bookmarks are not used.
55    defaultTargetUrl = '/appCore/welcome'
56    alwaysUseDefaultTargetUrl = true
57
58    //User caching, turned this off so that password changes take effect.
59    //It would appear that user is still in the session as logout/login
60    // is still required for role changes to take effect.
61    //If this option causes high database load try:
62    //  import org.acegisecurity.providers.dao.DaoAuthenticationProvider
63    //  import org.acegisecurity.context.SecurityContextHolder
64    //  DaoAuthenticationProvider daoAuthenticationProvider
65    //  def user = SecurityContextHolder.context.authentication.principal.username
66    //  daoAuthenticationProvider.userCache.removeUserFromCache(user)
67    //  in logout controller and perhaps on password change and role change.
68    cacheUsers = false
69
70//    //List for and events and run the closure(s) that follow.
71//    //Unfortunately the session is not available yet so many things can't be done here, us an defaultTargetUrl and controller.
72//    useSecurityEventListener = true
73//
74//    onAuthenticationSuccessEvent = { e, appCtx ->
75//        def p = e.source.principal
76//        def personInstance = Person.findByLoginName(p.username)
77//        println p.username
78//        println personInstance.loginName
79//        println personInstance.firstName
80//    }
81
82}
Note: See TracBrowser for help on using the repository browser.