Disable user authentication in grails' spring-security-core plugin

3
votes

I'm looking to add some security to my small service written on Grails: restriction by IP, force HTTPS and maybe something more later.

So I've added spring-security-core dependency

compile 'org.grails.plugins:spring-security-core:2.0-RC4'

to my build.gradle and something like this

grails.plugin.springsecurity.secureChannel.definition = ['/**': 'REQUIRES_SECURE_CHANNEL']
grails.plugin.springsecurity.ipRestrictions = ['/**': ['127.0.0.1', '%MY-OFFICE-IP-HERE%']]

to my Config.groovy.

Service is quite simple, it only has two controllers that return some data in JSON format. But spring-security-core plugin by default adds user authentication: login page, logout interceptor, access denied handler and so on. I don't need such functionality at this time and want to disable it. How can I do it?

2
grailsspring-security

2 Answers

0
votes

Just add this to your Config.groovy for development environment:

grails.plugin.springsecurity.active = false
0
votes

so what you are saying is you just want IP restriction but not roles, securing your controllers/methods or any actual security for your application because it's in the DMZ???

Then you don't want Spring-security, just implement something like this... How do you get Client IP Address in a Grails controller?

detect IP in filter and reject if it doesn't match acceptable IP's in config