I am using Grails 2.4.5 and I have created a new application TestSecurity, created a simple controller SercuredController, that is accessible from the interface.
package testsecurity
class SecuredController {
def index() {
render 'HELLO FROM CONTROLLER'
}
}
Then I added a spring_security_core plugin: I added compile ":spring-security-core:2.0-RC4". Then s2-quickstart com.testapp User Role
Then I start the application and spring_security doesn't allow me to enter http://localhost:8080/TestSecurity/secured/index and ask for the password and login. I haven't added @Secured(['ROLE_ADMIN']) or any other annotations. How to fix this bug?
In tutorial http://grails-plugins.github.io/grails-spring-security-core/guide/single.html#tutorials it is said that without annotation the controller must not be secured and can be accessed.
Config.groovy file looks as follows:
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.testapp.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.testapp.UserRole'
grails.plugin.springsecurity.authority.className = 'com.testapp.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]
