Restricting Access To Plugin’s Classes With Spring Security « Intelligrape Groovy & Grails Blogs

Restricting Access To Plugin’s Classes With Spring Security

Many Grails plugins, such as searchable and console, can prove to be really dangerous if access to their URLs is not blocked. After adding the searchable plugin to my project, I realized that access to its controllers was not defined and was open to all. This was a major security concern. There are many ways of restricting access, such as doing it manually in filters. But since I am using the Spring Security plugin, there was a better way: it allows static rules that map URL patterns to user roles to be defined in configuration.

There are different ways of securing URLs in the Spring Security plugin. Since I am using annotations, I'll define static rules for the annotation approach only.


    // grails-app/conf/Config.groovy
    // URL pattern -> roles allowed to access it
    grails.plugins.springsecurity.controllerAnnotations.staticRules = [
        '/console/**': ['ROLE_ADMIN'],
        '/searchable/**': ['ROLE_ADMIN']
    ]

By doing this, I blocked access to the console and searchable controllers for everyone except users with the role “ROLE_ADMIN”.
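One way to check that every plugin URL is covered by a static rule, as an added example that is not part of the original post. The URL list, the hypothetical plugin path and the simplified Ant-style matcher are assumptions; the plugin's own matching may differ in details.

```groovy
import java.util.regex.Pattern

// The static rules from the post.
def staticRules = [
    '/console/**'   : ['ROLE_ADMIN'],
    '/searchable/**': ['ROLE_ADMIN']
]

// Constructed sample: URLs exposed by the application and its plugins.
def exposedUrls = [
    '/console', '/console/index',
    '/searchable', '/searchable/index',
    '/consolex/index',            // similar prefix, must NOT match '/console/**'
    '/hypotheticalPlugin/index'   // hypothetical plugin controller with no rule
]

// Simplified Ant-style matcher (assumption: handles only '**', '*' and '?').
// A trailing '/**' also matches the bare prefix, e.g. '/console'.
Pattern antToRegex(String ant) {
    boolean openEnded = ant.endsWith('/**')
    String body = openEnded ? ant.substring(0, ant.length() - 3) : ant
    def regex = new StringBuilder()
    int i = 0
    while (i < body.length()) {
        if (body.startsWith('**', i)) { regex << '.*'; i += 2 }
        else if (body[i] == '*')      { regex << '[^/]*'; i++ }
        else if (body[i] == '?')      { regex << '[^/]'; i++ }
        else                          { regex << Pattern.quote(body[i]); i++ }
    }
    if (openEnded) regex << '(/.*)?'
    Pattern.compile(regex.toString())
}

// Roles required by the first matching rule, or null when no rule matches.
def rolesFor = { String url ->
    staticRules.find { pattern, roles -> antToRegex(pattern).matcher(url).matches() }?.value
}

exposedUrls.each { url ->
    println "${url.padRight(28)} -> ${rolesFor(url) ?: 'NO RULE (open to all)'}"
}

// URLs that no static rule covers: these are the ones left open.
def unprotected = exposedUrls.findAll { rolesFor(it) == null }
assert unprotected == ['/consolex/index', '/hypotheticalPlugin/index']
```

Run it with `groovy` after each plugin install, replacing the sample list with the application's real controller URLs, so that a newly added plugin without a rule shows up before deployment.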

_________________________________
Hitesh Bhatia
_________________________________
This entry was posted on May 3rd, 2012 at 2:25 pm and is filed under Grails.
