1
votes

I am trying to access the Config of the grails application via the @Secured annotation of spring security with the aim to externalize the role name later.

Sadly, I wasn't able to get this working. Neither by trying to use deprecated ConfigurationHolder class nor getting reference to grailsApplication object.

import org.codehaus.groovy.grails.commons.ConfigurationHolder as CH
@Secured([CH.config.grails.app.user])
class MyController { ...}

Config.groovy:
...
grails.app.user = "ROLE_APPNAME_USER"
...

Does anyone have an advice how to solve this?

EDIT
Came across Burt's article which was informational.

1

1 Answers

4
votes

You can't - annotation element values must be compile-time constants because they're resolved by the compiler and stored as part of the class bytecode.

You may have more luck using one of the other mechanisms to specify security constraints (static rules or Requestmap instances in the database) instead of annotations.