1
votes

We are using the Spring Security Plugin in our Grails app. We have useBasicAuth set to true as we use Spring Security to ensure our REST calls are called by trusted sources.

Now we have a requirement to add a user admin section to our system where the user can log in with their credentials. With useBasicAuth set to true, if the user's session times out, the popup dialog will appear and ask the user to re-enter their credentials.

For our app, we don't really want this. Is it possible to have multiple setups where useBasicAuth is set to true for the REST calls but we can use our own custom form for users that log in through a browser? Or is it possible to still use BasicAuth and redirect users that log in through a browser to our custom login form?

Thanks, Damien


1 Answer

3
votes

If you want to have basic auth for all but the admin controller, use the below in your Config.groovy. It denies basicAuthenticationFilter in this controller. Standard Security should work for this page in such a situation.

grails.plugins.springsecurity.filterChain.chainMap = [
    '/admin/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter',
    '/**': 'JOINED_FILTERS,-exceptionTranslationFilter'
]

More info in documentation: http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/16%20Filters.html under Chain Map.
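
A simplified model of how the chainMap above is resolved, added here as an illustration (not the plugin's code and not part of the answer): the first matching pattern wins, and each `-name` entry is removed from JOINED_FILTERS. The filter list is an assumed subset, the matcher only handles a trailing `/**`, and the request paths are constructed.

```python
# Simplified model of chainMap resolution (added example, not plugin code).
# Assumed, illustrative subset of what JOINED_FILTERS expands to with useBasicAuth.
JOINED_FILTERS = [
    "securityContextPersistenceFilter",
    "authenticationProcessingFilter",   # form login
    "basicAuthenticationFilter",        # HTTP Basic
    "exceptionTranslationFilter",       # sends the browser to the login form
    "basicExceptionTranslationFilter",  # answers 401 with a Basic challenge
    "filterInvocationInterceptor",
]

# The answer's chainMap as ordered (pattern, spec) pairs; order is significant.
CHAIN_MAP = [
    ("/admin/**", "JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter"),
    ("/**", "JOINED_FILTERS,-exceptionTranslationFilter"),
]

def matches(pattern, path):
    """Minimal Ant-style match: exact paths and a trailing '/**' only."""
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path

def expand(spec):
    """Expand JOINED_FILTERS, then drop every '-name' entry."""
    filters = []
    for token in (t.strip() for t in spec.split(",")):
        if token == "JOINED_FILTERS":
            filters.extend(JOINED_FILTERS)
        elif token.startswith("-"):
            filters = [f for f in filters if f != token[1:]]
    return filters

def resolve(chain_map, path):
    """Return the filters of the first pattern that matches, in map order."""
    for pattern, spec in chain_map:
        if matches(pattern, path):
            return expand(spec)
    return []

def challenge(chain_map, path):
    """Which response an unauthenticated request to `path` would get."""
    chain = resolve(chain_map, path)
    basic = "basicExceptionTranslationFilter" in chain
    form = "exceptionTranslationFilter" in chain
    if basic != form:
        return "basic-401" if basic else "form-redirect"
    return "ambiguous"
```

Reversing the two entries makes `/**` match first, so the `/admin/**` rule never applies and admin pages get the Basic challenge again.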