1
votes

I use SiteMinder with an app but was using the Spring Security Core plugin to manage all the other aspects of security. I'm not being blocked from some resources that require a specific role, although I am being kicked to the requestHeaderAuthenticationFilter if I try to hit that URL.

Config.groovy

...
grails.plugin.springsecurity.securityConfigType = grails.plugin.springsecurity.SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.providerNames = ['preauthAuthProvider', 'anonymousAuthenticationProvider']
grails.plugin.springsecurity.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.filterNames = ['anonymousAuthenticationFilter','requestHeaderAuthenticationFilter']
grails.plugin.springsecurity.filterChain.chainMap = [
       '/assets/**': 'anonymousAuthenticationFilter',
       '/public/**': 'anonymousAuthenticationFilter',
       '/auth/**': 'requestHeaderAuthenticationFilter'
]
grails.plugin.springsecurity.x509.checkForPrincipalChanges = 'true'
grails.plugin.springsecurity.logout.afterLogoutUrl='/public/'
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/auth/home'

grails.plugin.springsecurity.interceptUrlMap = [
    '/auth/admin':                   ['ROLE_SYSTEM_ADMIN'],
    '/auth/constant/**':             ['ROLE_SYSTEM_ADMIN'],
    '/assets/**':                    ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/public/**':                    ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/auth/**':                      ['IS_AUTHENTICATED_FULLY']
]

When I use the taglib on whether to show the link to those, it works as expected:

<sec:ifAnyGranted roles="ROLE_SYSTEM_ADMIN">
    <g:link uri="/auth/admin">Admin</g:link>
</sec:ifAnyGranted>

I have everything in a group in the URLMappings:

static mappings = {
    group("/auth") {
        "/constant/$action?/$id?(.${format})?"(controller: 'constant')
        "/admin"(view:'/admin')
        "/"(controller:'index',action:'home')
        "/home"(controller:'index',action:'home')
    }
    group("/public") {
        "/"(controller:'index',action:'public')
        "/index"(controller:'index',action:'public')
    }
}

So, the tag seems to be working correctly, but I can still go to that link just fine, which means my setup must be messed up somewhere.

Grails 2.4.3

Spring Security Core 2.0-RC4

1 Answer

0
votes
grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"

Editing this line in your Config.groovy would help, I think.
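
As an added illustration that is not part of the original question or answer: in Spring Security the `interceptUrlMap` rules are evaluated by the authorization interceptor (bean `filterInvocationInterceptor` in the plugin's default chain), so a `chainMap` entry that does not list it never consults them. The Groovy script below is a constructed static check over the maps posted in the question; the simplified matcher, the `unenforced` helper and the candidate chain are assumptions, not a verified fix for the asker's application.

```groovy
// Added example (constructed): static check of the maps posted in the question.
// Assumed from the plugin's default chain: 'filterInvocationInterceptor' is the
// bean that evaluates interceptUrlMap. The matcher below is a simplification.
def ENFORCER = 'filterInvocationInterceptor'

// Minimal Ant-style matcher: '**' spans path segments, '*' stays within one.
def antToRegex = { String p ->
    p.split('\\*\\*', -1).collect { part ->
        part.split('\\*', -1).collect { java.util.regex.Pattern.quote(it) }.join('[^/]*')
    }.join('.*')
}

// Returns the role-protected patterns whose filter chain never reaches the enforcer.
def unenforced = { Map chainMap, Map urlRules ->
    urlRules.findAll { pattern, attrs ->
        def url = pattern.replace('/**', '/x')          // sample URL under the pattern
        def hit = chainMap.find { cp, names -> url ==~ antToRegex(cp) }
        def chain = hit ? hit.value.split(',')*.trim() : []
        attrs.any { it != 'IS_AUTHENTICATED_ANONYMOUSLY' } && !(ENFORCER in chain)
    }.keySet() as List
}

// Maps copied from the question.
def questionChain = [
    '/assets/**': 'anonymousAuthenticationFilter',
    '/public/**': 'anonymousAuthenticationFilter',
    '/auth/**'  : 'requestHeaderAuthenticationFilter'
]
def urlRules = [
    '/auth/admin'      : ['ROLE_SYSTEM_ADMIN'],
    '/auth/constant/**': ['ROLE_SYSTEM_ADMIN'],
    '/assets/**'       : ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/public/**'       : ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/auth/**'         : ['IS_AUTHENTICATED_FULLY']
]

// Candidate chain for /auth/** (assumption): pre-auth filter plus the standard
// context, anonymous, exception-translation and authorization filters.
def fullChain = 'securityContextPersistenceFilter,requestHeaderAuthenticationFilter,' +
                'anonymousAuthenticationFilter,exceptionTranslationFilter,' + ENFORCER
def candidateChain = questionChain + ['/auth/**': fullChain]

assert unenforced(questionChain, urlRules) == ['/auth/admin', '/auth/constant/**', '/auth/**']
assert unenforced(candidateChain, urlRules) == []
println "posted config leaves unenforced: ${unenforced(questionChain, urlRules)}"
```

The check only models which filters a URL passes through; it says nothing about whether the SiteMinder header is trusted correctly by the pre-authentication filter.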